• What features does pfsense have about handling DOS attacks

    Locked
    0 Votes
    2 Posts
    13k Views

    pfSense has by far the best capabilities of any open source firewall, and better than a bunch of commercial firewalls, when it comes to DoS protection. DDoS you likely can't do anything about unless you have an extremely fast Internet connection. Most DDoS attacks will knock you off the Internet unless you have at least 50 Mb of Internet connectivity, and at times even that isn't enough.

    Check the advanced options on the firewall rules add/edit screen, several options there for controlling things.

  • IP or computer bandwidth use

    Locked
    0 Votes
    3 Posts
    2k Views

    Thank you!

  • Manage pfsense using WAN web interface

    Locked
    0 Votes
    3 Posts
    18k Views

    Creating a rule for HTTPS access for WAN interface resolved the problem. Thanks.

  • Many repeated UDP requests - How to stop?

    Locked
    0 Votes
    4 Posts
    2k Views

    Based on the timestamps in your screenshot, it would seem that this is recent activity. It would seem like you have something going on in your network that is unintended.

  • Bandwidth usage

    Locked
    0 Votes
    2 Posts
    2k Views

    Vnstat might please you
    http://forum.pfsense.org/index.php/topic,8460.0.html
    http://pfsense.site88.net/packages/All/vnstat-1.6_2.tbz

  • 0 Votes
    8 Posts
    3k Views
    Cry Havok

    You can install FreeBSD packages (details in the forum) but you're on your own.  As the package says, don't rely on it - if it's simply wanting to be less visible, it (and all the other packages) are fine.  If it's a matter of staying out of legal trouble, you need to consider the risks for yourself after you read the research others have done.

  • Network setup with pfSense AP

    Locked
    0 Votes
    4 Posts
    2k Views

    It's been a while since I've looked at an interface page for wireless, but I believe there was an option there for allowing clients to communicate with each other directly. Do you have that set?

  • Strange DNS problem…

    Locked
    0 Votes
    9 Posts
    3k Views

    I wrote in the 2 IPs to OpenDNS that Perry gave me. And it seems to be working  ;D

  • Integrate BlueTack Hosts Block File?

    Locked
    0 Votes
    6 Posts
    3k Views

    I would like to just bring this up again since we have 1.3 available to us. Can I see an example of an entry? I am not sure that I am getting it right. I make the alias, it saves, but when I make the rule it gets upset. I am going to plug away a bit more at it, but if someone has an example I can work off I would love it. :)

    EDIT:
    Okay, I found that I was just being dumb. I have it sorted now, but I am wondering if there is a size limit to the number of lines in my alias import?

    Okay, I just tried to feed it this list. And it's just sitting there and the DNS Forwarder stopped working. Once I get more info I will let you know.

    EDIT AGAIN!: Oops… List too long, broke my post.

  • How can I adjust ICMP poll timers ?

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • PfSense "the Astaro alternative" ?

    Locked
    0 Votes
    4 Posts
    5k Views

    @submicron:

    Or you can look at the spamd package, which is still in development, but works quite well.

    Quite a few of us are using the spamd package with great results.

  • Broken Link on VLAN page

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • IPv6 development – needs testing

    Locked
    0 Votes
    6 Posts
    3k Views

    The latest 1.3b12 and 1.3b13-pre releases of M0n0wall contain changes to bring in full (?) IPv6 support.

    Is it worth looking to see if these changes can be ported into pfSense ?

  • Packetloss on all interfaces

    Locked
    0 Votes
    13 Posts
    5k Views

    I ran into exactly this problem too. My connections were all physically stable, and established connections (downloads, VoIP calls, etc) were reliable. But new connections were intermittently flaky, and packet loss was appearing while pinging the router's internal addresses.

    A quick look at the RRD graphs showed that I was hovering around the 10k default state limit. So I doubled the state table size (in System / Advanced).

    Thanks for the thread. Love those graphs.

  • MOVED: SquidGuard ACL Order

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Filter.log showing IPV6 addresses

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Redirect to external proxy server

    Locked
    0 Votes
    2 Posts
    2k Views
    Cry Havok

    First off, get off the release candidate onto the final release.

    Secondly, there are a few ways of solving the problem.  Probably the simplest is to block any outbound traffic on 80 and 443 (yes, there are other ports, but if you're not blocking by default it's a good start) and allow traffic to the proxy.  Then simply tell people that they have to use the proxy.  You could also install Squid in transparent mode and configure MLabs as your upstream proxy (and you'd still have to block 443).

  • RDD Info/data on other website possible?

    Locked
    0 Votes
    2 Posts
    2k Views

    How about:

    wget --output-document=traffic.png --no-check-certificate --user=admin --password=yourpassword "https://10.10.1.1:2001/status_rrd_graph_img.php?interval=4h&database=lan-traffic.rrd&style=inverse"

    in a cron job on your web server?

    I suppose there is cause for a little concern having plaintext usernames and passwords on the web server, but…

  • Speed limit for client

    Locked
    0 Votes
    2 Posts
    1k Views
    Cry Havok

    Take a look at Traffic Shaping (there's even a forum for it).

  • Network saturation with a load-balancing config

    Locked
    0 Votes
    6 Posts
    3k Views
    chpalmer

    Another-

    Lan net - Lan net

    why are those needed?

    I think the answer to your problem is in your system logs.

    But we need more…

    What interface do the various names equal?

    rl0? rl2? What are they? If I had to guess I'd say you had a loop connection someplace.

    Can you draw a picture of your network?

    http://www.gliffy.com/ is a good resource for this...

    The same mac address is showing up on both rl0 and rl2 but expected on rl1.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.