And…it is fixed.
No clue how.
I just restarted the firewall. (I guess something i should have done first).  ::)

Thanks everybody for your time!

@BlueKobold  So just to clarify Im taking the LAN port of the EdgeRouter and plugging that into the WAN of pfSense?  Also when you say pfSense needs to have a static IP at the WAN interface, does that just mean setting it static in the EdgeRouter and entering that address on the WAN port of the server?  Sorry if I literally just asked what you stated.  I just want to make sure I'm on the right page.  Is there anything I need to configure in the EdgeRouter?

Thanks again for your help, its greatly appreciated.

@mtarbox:

No IPTV or set top boxes in my system.

Then I would be trying turning it out!

Edit the downloaded config and restore it to the unit?

Thank you for your tips!

I'll try to run the Apple TV on a separate LAN interface.

@mirkwoody:

True.

He said that even some off-the-shelf known brand routers would be kicked off.. because.. noise..

That's the first I've heard of that one.

Thanks JIM.

Sorry the installer was 2.3.4 from usb, I downloaded the 2.4 as you suggested and it installed fine thanks again for always giving great advice.

PDS

PFSENSE runs fantastic on these Kaby lake, and at Idle are really  low power did over 1 hour just on the UPS  (around 4W)

Even better. Now I have a bug report as well!

bug.txt

OK cool.  Thanks

Also: What type of interface is your WAN? (brand/make/model/driver name and also how it's configured such as static, dhcp, pppoe, etc)

@xphiles:

can you then disable the LAN port and still carry traffic over the VLANs?

In the original example, the LAN was moved to the tagged vlan and the raw interface was no longer assigned to an interface, so no you would not disable the LAN.

Hi,

The default firewall rule present on LAN will handle the job : pass all.

I'm not using any Google tools myself (except their mail services) but I guess "Chrome Remote Desktop" works the same way as "TeamViewer" : there is no need to setup something on your router. There is nothing that says you have to "NAT" something on your router.
Which is quiet logic because Google want to see all the information you see, so all info passes by THEIR servers fist. This means that both app on both sides connects to a central Google server, which means that both devices - the controller and the "controlled one" make outbound connections only, which means pfSense is set up by default just fine.

yes, your firewall is up and running from the moment you install it and plug it in. It runs out of the box for almost all network configurations, and is secure in that configuration.

As far as uploading files to your box, yes you can do it from the webgui, or from SSH. It's as simple as creating a new file and copying the list of IPs into the new file. Then point pfBlockerNG to that file, it might be done with DNSBL? I'm sure you could also import the list as an alias and just use that on firewall.
I've never imported a list to an alias before and don't have a pfsense box to look at right now but I'm almost certain there is a webgui button for it?

If you named the list "BAD_IP" then the rule would be something along
BLOCK any_source_ip on any_source_port > BAD_IP

Again, I've never done it that way but am pretty sure that will work. I don't know how you're compiling your list but the problem with most self-maintained lists of bad IP's is that IP's are dynamic and will change over time. So after enough time you'll eventually not be blocking bad guys anymore but will be blocking whatever computer or service is now behind that IP.

Depending on what you are trying to block with this personal list, you can probably either find a maintained list that covers it and is updated by a service, or use an IDS/IPS to block the IP's.

i reinstalled suricata . i did these a serveral times before i solved my problem with sntp.
at the moment everything works without any problem. still don´t know exactly what solved the sntp problem.

by the way…

i use suricata now in monitor mode because i want to change it to "block on drop" but i do not quite understand it.

see my post. perhaps you could help me with my questions?

-> https://forum.pfsense.org/index.php?topic=137669.msg752860#msg752860

Does nobody have an idea why the vnstat values are quite far off the actual traffic passing through the system?