Or you can just find the specific state or states in the table and kill it/those. But sure a full flush works too ;)

Well then you would see the traffic via tcpdump then... You sure your using the correct interface em0?

Capture all traffic - are you seeing traffic at all on that interface... If your not seeing traffic to whatever port its on.. Then your coming in a different interface, you have the wrong interface selected, or the wrong port.

Why would you change ports? Because your block rule wasn't working and you think changing the port would magically start working? If you allow traffic, and state is created and then create a block rule - you have to flush the old state.

It doesn't look like the code that gathers the stats for RRD is aware of pools, only the main range.

If there isn't already an entry on https://redmine.pfsense.org for that, open a new feature request there.

@Derelict I know this is old... I just wanted to thank you for the steps. Got me back up and running quick when a certificate was accidentally revoked. Thank you!

Its answered here

https://forum.netgate.com/topic/149857/web-gui-auto-redirect-http-connection-to-https

I cant close thread, can moderator do it, please.

Thanks.

And this just answered my question here:

https://forum.netgate.com/topic/150042/after-changing-pfsense-from-http-to-https-i-must-type-https-xxxxxx-xx-to-reach-web-page

Im using custom port, so yeah.

Thanks for clarification.

Depends on the network architecture. If it's a workstation VM on the same host as pfS VM, it (Private) would work. But not for Inet access for anything downstream on the LAN, not even the host. https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/get-started/create-a-virtual-switch-for-hyper-v-virtual-machines
c70e1185-082b-486a-9d22-68b838f04cc0-image.png

My hn0 interface is down, how do i bring it up?

Hello.
I think this issue is https://redmine.pfsense.org/issues/8987
As workaround, you can apply the steps as indicated on https://redmine.pfsense.org/issues/8987

Go to SERVICES - DNS RESOLVER - GENERAL SETTINGS Go to section HOST OVERRIDES. Clic ADD. Type these values:
host: ews
domain: netgate.com
ip: 127.0.0.1 Clic SAVE. Clic APPLY SETTINGS. Clic top left corner (Pfsense logo) and dashboard loads very fast (no slow for 60 seconds)

I tried this workaround using a Pfsense server without Internet connection.

pfBlockerNG is a package and not part of the base system, so that's up to the package author to decide.

In pfSense, generally speaking links to things on the firewall are not forced to a new window. The main exceptions are links to external resources, such as items in the Help menu.

@AndersKeiser said in Can't reach webgui, error took too long to respond:

So the cause of the issue seems to be the wan and lan being on the same network

A router want to (needs to !) route between different networks.
If you have a network A and A on both side (like 192.168.1.0/24 on both sides) you should replace the router (pfSense) by a switch ;)

Yeah that alternate name is not the same as SAN in the cert.. That is so you don't get rebind or http_referer problems..

IP would not be valid there ever..

If you want to do rfc1918 IP in your cert, you would have to have your own local CA sign the cert. There is no public CA that would sign a cert with rfc1918 IPs in them..

I use san for my rfc1918 address in my web gui.. Where did you get that cert? From a public CA, or did you create the cert with CA you have running on pfsense?

Hi,

Users created in the user manager ?
pfSense needs an admin, or two. Not a boat load of people ^^

The build in pfSense "user manager" isn't user IP aware. But you could have a look at other authentication back-ends, like the FeeRadius package. It has huge possibilities - and filtering user(name) and IP's seems possible to me.
No firewall rules needed, promised. Just the very deep learning curve of FreRadius.

Yes, only when I changed to the SFP+ port. When I was using the rj45 port it showed the LAN as being "UP".

I actually went to System/Certificate Manager/Certificates and exported certificate. After that I imported it to my account. I didn't see option to proceed in the web page for some reason. I hope this will work. I'll update results tomorrow if problem persists.
Thank you for your help Renat.