@GPz1100 said in GUI services in the system log are filled with nginx messages: @fireodo , @SteveITS I assume this does not survive updates and has to be edited each time? That is correct! Or has gui log level been added to a gui setting to be managed (set different log level or disable entire)? No, not in 2.7.2 and not in 24.11

@Almas said in How to increase nginx php-fpm timeout?: There was the file "/etc/inc/system.inc" was used to generate the /var/etc/nginx-webConfigurator.conf Just keep in mind that files like "/etc/inc/system.inc" will get updated (rewriiten, new version) when upgrading pfSense. Also, likewise, when patches are published and it modifies a file modified by you, the patch might not apply. So, keep some local documentation about your modifications, so you can re apply your mods later on, if needed.

Your rule has a syntax error. I believe this is an invalid address specification: 10.0.0.0/8 ![10.0.0.0/8] And you should post questions related to the IDS/IPS packages (Snort and Suricata) in the IDS/IPS sub-forum here: https://forum.netgate.com/category/53/ids-ips.

The answer is: Set: WebCfg - All pages Allow access to all pages (admin privilege) followed by: User - Config: Deny Config Write

@Izaac It worked perfectly—thanks so much for your help!

@fireix You could run "top" and see what the CPU usage is. 10 seconds is not that long compared to say a 2100 or 3100 loading a couple dozen entries with, say, all US IPs as an alias.

@jakespeed said in webui becomes inaccessible every few minutes: i am running some usb nics if they're known to be troublesome SSH or console, run tail -f /var/log/system.log What happens when the GUI (web server) dies ? @jakespeed said in webui becomes inaccessible every few minutes: i am running some usb nics if they're known to be troublesome Hummm. USB networking .... I wouldn't even advise my worse enemy to use that solution FreeBSD (underlying OS of pfSEnse) a,nd USB NICs don't often play well. Also, more general, the slights electrical miss contact on the USB NIC contacts will wreck havoc in the networking subsystem - interfaces get taken down, reconnect, etc etc.

@jacobrale Are you drunk ?

@Cylosoft said in Button issue in ACME: I thought bad browser cached items also That would be my second suggestion. I saw it happening just ones, a while back, but the issue was gone before I could take a closer look. The issue is known, btw, as others mentioned it, still not clear (to me) what the common conditions are.

@planetinse Comparable to, for example, a Microsoft Windows back (Restore point ?), you can not backup a config on one device - let's call it pfSense1 and then restore it on another device, called pfSense2. That is, this is possible if you are willing to edit the config file. Only experts should do this, and everybody else willing to accept the consequences. Consequences are : The hardware NIC drivers names, like em0 or igb1 should be identical. Be aware : the unique pfSense device ID should not the same : [image: 1728297733878-f8432baf-d382-4f68-9c46-d9353acb4699-image.png] and true : the could be identical. You could try this : Copy the 'block' with HAProxy package settings from one config to the other. Be aware (I never used HAProxy) : there could be several section. Be aware : if, for example, HAProxy uses certificates from the certificate pfSense store, the certificate reference should be checked and probably for the destination pfSense. Be aware : the will be most probably other things to check. I guess you get it by now : it's an trail and error process, where you need to start worrying when things "seems to work" as they didn't fail yet ^^

@accidentallyadmin oh yeah I did. There was a bug in pfblocker restoring from backup didn't help in my case because the package was still installed. I was able to get it working :D

@accidentallyadmin Nevermind, I found it

@wgstarks yeah I don't have mac anything, only apple I have is iphone and ipad.. and not having any issues with those devices. But yeah if you have a CA already and signed cert.. If it was installed the error would be that its expired not that you don't trust it.

@Gertjan hmm, yeah disabling that it stopped binding and it makes sense that to redirect it should also bind port 80. However, that option is actually very useful. Then the problem is with HAProxy. It is trying to bind to every interface with "0.0.0.0" when WAN IP is not present. This should be the problem. Can someone try to replicate that?

@denitrosubmena said in PLEASE stop enforcing firewall rules on pfsense!!! Let us manage our own firewall rules!!!: My use-case i have pfsense installed at the edge and i need to access it via the WAN address that is public, like every other hardware router in the damn world that is the one that connects directly to internet To be fair, there's no router anywhere, sold commercially, that's set up to allow access from the public WAN to its webGUI. At least not any that didn't ship without being misconfigured by accident at the factory. Are you suggesting you wanted pf to forward 80 and 443 by default? This is all rhetorical anyway, as pf definitely allows a local connection to the WAN port during setup, which makes things much easier. When LAN has been set up, it's obviously not needed anymore. @denitrosubmena said in PLEASE stop enforcing firewall rules on pfsense!!! Let us manage our own firewall rules!!!: proxmox which was blocking everything I'm new here, but even I think it would have been a great idea to mention right away that pfSense was being virtualized. And on top of that, behind some POS like Proxmox.

@jstaczek said in Route to gateway www.webgui.nokiawifi.com?: So, ok. Somewhere DNS believes that www.webgui.nokiawifi.com I guess, this is, what your DNS resolver gets. It might be requesting your ISP router, or the router does intercepting DNS.

I'll have to look for the cable in the box to learn more about the console access! In the meantime, I deleted some of the auto default boot environments from the GUI and it has really worked wonders. Thanks for this. [image: screenshot-2024-09-02-14-14-01.png]