You didn't mention specifically, but we assume you mean you upgraded to pfSense 2.8 Community Edition. Generally speaking, you should avoid pulling the power (i.e. physically unplugging/replugging) as much as possible. When running CE on your own hardware, it's not good for the underlying operating system, FreeBSD, nor pfSense's 'system' files for that matter, to experience an abrupt loss of power.

@stephenw10 @gerdesj Thank you both for the information. I am now looking at posts from BBCan177 and there are indeed plenty. As for the link to the official documentation of the pfblocker package, I'm afraid that it isn't of much help, the information there is somewhat limited. Thanks to all for the conversation, this was very useful!

@Hakon74 Unfortunately that link no longer appears to work.

Yup. The cost of getting most of those is huge. It would have to be recouped somewhere.

Well it's presented that way because the vast majority of users are either reinstalling Plus on an eligible device or installing CE on one that isn't. But I agree it could be clearer. I'll raise it.

You should open a request here: https://redmine.pfsense.org/

I can remove your NDI if you send it to me in chat. Or if you upgrade to 2.7.2 first you will see 2.8.0 offered.

@ChrisJenk said in How to redirect IPv4 *and* IPv6 NTP traffic: Any idea how I can redirect IPv6 NTP traffic alongside IUPv4 NTP traffic? What I did was find what host name they were using and created an alias to my home server.

To update on this problem, it is solved with the CE 2.8 version

The 4200 must be one such model. I restored to a new one using ECL (super handy not to need to connect to it), noted it hadn't enabled the RAM disks (presumably, needed a restart), and then it remained the default 40/60 after a couple of boots. Not sure if that means the values get set sometimes, or it's been that way for months...seems like I would have noticed before now. Anyway I see it's fixed in 25.03 as noted. For those worried about drive wear there is https://redmine.pfsense.org/issues/16210.

@stephenw10 Good news. I was able to format the USB drive as UFS, reinstalled, and everything is up and running on my (now) backup 1100. Interestingly, on this one it configured the /VAR disk for 120MB as I had set in the configuration, rather than limiting it to 60MB as the other device did. I am guessing that the Restore process just sets it to whatever the configuration is and it doesn't have the UI glitch holding it at 60MB. Thanks so much for your assistance (again), Stephen. Very much appreciated.

If you have Snort or Suricata installed make sure the log settings for those are saved as something useful.

Yup just install 2.8 clean and restore your config into it. There's little point in trying to upgrade an ancient 2.4.5 install.

Confirmed still an issue as of May 2025 with pfSense CE 2.8.0 and Status Traffic Totals package version 2.3.2_7 I also updated the Redmine bugtracker: https://redmine.pfsense.org/issues/11797

Mmm. Fun*. Yeah I still agree this all seems like a workaround to force something that wasn't designed to work that way. There must be a better way...

Hmm, so mostly stuff in Tailscale. Except the Ubuntu updates, which is hard to explain. Nothing should have changed there.

The beta is pretty stable. I'm running it as my edge here without issue. If you are running ZFS so you can roll back then I would try it.

@stephenw10 I've managed to get this to work. Thank you for the pointer.

@SteveITS said in Interface and Rules: https://docs.netgate.com/pfsense/en/latest/firewall/fundamentals.html#stateful-filtering "Using this mechanism, traffic need only be permitted on the interface where it enters the firewall. When a connection matches a pass rule the firewall creates an entry in the state table. Reply traffic to connections is automatically allowed back through the firewall by matching it against the state table rather than having to check it against rules in both directions. This includes any related traffic using a different protocol, such as ICMP control messages that may be provided in response to a TCP, UDP, or other connection." You are right. Thanks a lot!