You can make an image .img with command: #/home/pfsense/tools/builder_scripts/build_embbded.sh

Sorry for breaking the party but in 2.0 we have per-ip shaping(dummynet) working!

Tonight I found a thread dedicated to this device in the hardware sub-forum, but seeing your replies here I don't feel so stupid posting here!  The last postings in there talked about an atom-based board that otherwise specs roughly the same as this one and same TDP–but for around double the money. :( In any case, as I mentioned there, I think having a firewall running on a non-Intel instruction-set processor could possibly increase security WRT some processor-specific hacks that go around the OS that have been mentioned on Slashdot, among other places.  Any comments on that? Thanks for the reply, and I'm glad to hear that you guys are at least considering it! :) Mike

Thanks! I like any method - IDE good idea.

I managed to install the 1.2.2 dev iso, but there is no /home/pfsense/tools directory do I have now follow http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso ? or did I install it wrong?

try this : http://ftp.nhlue.edu.tw/pfsense/downloads/pfSense-Developers-1.2.2.iso.gz or whatever developer iso is available when you get to the mirrors.

Solved

I'm not intending to deploy fwknop as anything more than a first line of defence, a way to make reconnaisance of the system harder. Fwknop is valuable as a tool to hide the existence of a certain service, and to reduce the surface area of possible attack. This is true whether you use fwknop to protect access to a VPN service or to protect access to SSH. For example – ssh is a strong security measure, in theory. When working properly, I trust it to keep the bad guys out. However, a zero-day exploit in ssh would make it possible to gain access if the firewall port is unconditionally open. The same could be said about VPN services like OpenVPN. In other words, I'm not expecting fwknop to be the solution to all security problems, but rather to be an extra layer of obscurity in a defence-in-depth security scheme. What they can't see, they can't attack. And as a first layer of defence, I'd argue it's more secure than any other scheme, because it's 100% stealthy to any attacker who isn't able to sniff the network, and because the code is so small that finding a security hole will be that much harder. Finally, breaking fwknop security barely even gets you in the door. Also fwknop is more advanced than simple port knocking. All authorization is done in a single packet, which is protected by strong encryption, and is not vulnerable to replay attacks, like other port knocking schemes are. Either way, the feature I'm requesting help with is not specific to fwknop itself, but will be useful for other security schemes or even VPN servers that require creation of custom firewall tables.

I agree with Ermal.  What would be a better inclusion for the base code is to allow the default ARP setting to be changed from 5 minutes to something else.

The latest version has a 'Status' tab. If you downloaded FreeSWITCH without modifying /etc/inc/globals.inc then you have the latest version. Any new changes after launch will get its version incremented. Mark

Short answer, no need to do the loop at all :D ::)

I think HKPolice is just trying to get you guys irritated.  I think the direction pfSense is taking is a good one.  I also do not like the idea of running all of my products on one single machine.  Single point of failure.  I would recommend he could get an alix box from pcengines and then use the PC as a NAS box.  Having a single box which runs everything means when you need to reboot for something you are taking down all of your applications/services.

PHPMailer works great but I've read that it is no longer in active development. I found another alternative. http://www.swiftmailer.org The license is lgpl. Features are:     * Persistent connectivity improves performance     * Connection types selected by user - extendable     * Complete header control with RFC 2822 requirements handled     * Internationalization support (i18n)     * Connection redundancy support     * Load balancing and/or throttling support     * SSL & TLS Support - for Gmail servers     * Embedded images or other file types     * Full MIME 1.0 library included (create multipart messages, attachments etc)     * Batch mail processing     * Smart runtime caching (in small, self-maintained packets)     * Send attachments of any size even with PHP's 8MB Memory Limit     * Support for multiple attachments     * Lossless protection against header injection (encode, don't strip)     * Set message priority     * Request read receipts     * Pluggable SMTP authentication (LOGIN, PLAIN, MD5-CRAM, POP Before SMTP)     * Anti-flooding support for servers with limits on emails-per-connection     * Bandwidth monitor included     * Extensive event-driven plugin support (easy to write)

No.

Also I get errors: There were error(s) loading the rules: pfctl: DIOCADDRULE: Cannot allocate memory And There were error(s) loading the rules: pfctl: DIOCADDRULE: device busy Maybe this 1st error sometimes cause pfsense to crash. Not sure