Im also thinking that its because apinger has failed, for some reason my cable modem keeps on dropping.

Do you mean the 4150? I can't find a 4140. Kind of beyond what I have access to but we're talking about some big numbers.  :) Hopefully someone else will come along to put some better figures to this. It won't max out all your NICs which could be 16Gbps if all 8 were somehow managing to stream 1Gbps in and out simultaneously! I would guess it will be >4Gbps though that is a guess. PPS becomes a more meaningful measure at those speeds because the contents of the packet can vary greatly, affecting the throughput bandwidth, while the number of packets forwarded remains relatively constant. That CPU is only dual core so you won't see quite the same step up in performance from 2.2 that some others will due to the multithreaded pf in FreeBSD 10. Steve

I do not know if it will work for everyone But it worked for me http://makandracards.com/makandra/1258-install-the-verdana-and-tahoma-fonts-under-ubuntu-linux

Whenever someone around me asks questions about implementing pfSense in any commercial environment I usually pull up this document and show them. https://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives pfSense can easily be configured to port forward on a port by port,  1:1 NAT, or even act only as a firewall to devices/computers behind it that have their own public IP addresses. :)

Ohh…you are right. It was a stupid configuration failure deep in the night...i didnt think about it. Thanks  :o ;D

Thank you for your replay. I'm using squid3 3.1.20 pkg 2.1.2. The Dynamic content feature that you mention is enabled, but the problem exists. Maybe there is another parameter that i miss? Thanks again.

Gonna take a look at that when I'm at the location again, thanks. I think I might just disable ipv6 inside the network completely; I'm guessing it has no added value whatsoever but the adresses are harder to remember :D

@P3R: @phil.davis: I think it tends to appear on interfaces that have VLANs or other aggregation methods where there is traffic for multiple logical things flowing on a single physical connection. I have the bug with neither VLAN nor any interface aggregation. I do however have IPSec site-site connections active, so in that sense there are multiple logical channels out on the WAN. We dont have any vlans on the pfsense box but we do in the network. We have openvpn runninn. H.

@HDM21KW: Thanks for reply. following your instruct , and after restart PFSense , Snort recognize my whitelist ! E-Mail runs good , but port80/443 needed access in blocked hosts list , individually add IP/Networks needed( Akamai , etc…). a few time it needs , but once setup this , after it's be all right. Snort WanSettings -> Pass List fields is below. [image: up150429.jpg] Thanks for reply , my snort problem is solved :D Glad you got it working.  That final step of actually assigning the Pass List to the desired interface is frequently missed. Bill

Yes out of state traffic is going to happen if you have 1 wan or multiple wan.  I see them mostly from son's phone = possible when it switches from cell to wifi and thinks it still has session with whatever it was talking to, and doesn't setup a new state, etc. Out of state traffic is bound to happen, just part of tcp and firewalls. Its nothing to worry about.. If you don't want it in your logs - turn off logging of the default rule will remove lots of noise ;)

There are a few posts like this floating around… https://forum.pfsense.org/index.php?topic=82835.0 Really-  you should never need to reboot unless your upgrading or doing physical maintenance.

Split DNS is simply running DNS on LAN that says your domain points to a LAN IP instead of WAN IP.  For example, if you own foo.com and it points to 1.2.3.4, split DNS would have you install a DNS server on LAN and have it resolve foo.com to be 192.168.1.x or whatever its LAN IP address is instead of its WAN address.

did you change your virtual network adaptors to the para-virtualized ones ?

thanks. sometimes reading it twice would help m(

@Hollander: 1. Be the eternal noob: create an alias, URL table, point to a *.tgz (Iblocklist). IBlock lists are in a GZ - IP Range Format. This is not compatible in Alias/URL Tables by itself. It has to be converted to CIDR and into a txt file format to be able to be used in the Alias/URL Table setting. That is where pfBlocker or my upcoming pfBlockerNG package can facilitate. A Bad or empty Alias Table can crash pf …

@saltygiraffe: We have a 1Gbps internet connection. You're a backbone to the AMX? ;D

Well if you really are losing connection everyday then you'll have to take that up with your cable company.  ;) Setting 'block private networks' on WAN only blocks unsolicited traffic (like any other firewall rule) so it won't block DHCP requests or gateway pings etc. Steve

I select the OpenVPN Manager utility when exporting my client config. OpenVPN Manager gets installed on my PC, and that provides an interface that starts/stops the real OpenVPN processes that need priv. I never need to enter an Admin password to start/stop my client OpenVPN connection.

I use the following template to create folders for each client. $template TmplMsg, "/var/log/%HOSTNAME%/%PROGRAMNAME%.log"