As no one official has acknowledged the bug yet - just wanted to report it running like this on a customer's box that needed it urgently and since implementing the fix 2 days ago, it still works without anything bad breaking or anything.

@stephenw10 said in 23.05.01 can't normal boot: 23.05.1 The pf v23.05.1 version will have this problem when the system starts. Other pf versions do not have this problem when the system starts. For other pf versions, this problem will occur after the system has been running for a period of time

@NollipfSense I will do the clean install. THANKS!

@yjd said in Lan's ip is 254, and the web page cannot be accessed: reason is that I believe too much in the privacy mode of the browser, so I did not try to change ie and firefox for testing. Strange. We use different info sources then. I would prefer Firefos far over edge or the chrome thing. The last two have just one main mission : transmit everything you do to their creator. Showing a web page is their second role @yjd said in Lan's ip is 254, and the web page cannot be accessed: disable and re-enable the network card during the test Always check afterwards your DNS/gateway IP. You can stop checking as soon as you're done designing your network. @yjd said in Lan's ip is 254, and the web page cannot be accessed: I usually give priority to clearing the cache and testing again. . . If you visit a web page on 192.168.1.1 (so 192.168.1.1 is the URL) - and then you visit a device at 192.168.1.254, then there will be no cache involved, as it is not the same device neither the same web server (in theory - this time it is, as you've changed the IP of the web server device). @yjd said in Lan's ip is 254, and the web page cannot be accessed: to clearing the cache Remember this one : ipconfig /flushdns

@Yet_learningPFSense said in There were error(s) loading the rules: /tmp/rules.debug:25: cannot define table: @rcoleman-netgate It was about two months ago that I set up PFSense myself, using version 2.6.0 of PFSense and installing pfBlocker about a month ago (I didn't note down the version). There might have been some issues due to the version mismatch. I am currently using the latest version of PFSense, which is 2.7.0.

@stephenw10 yes correct, not an apu2. :-) We do have experience with pcengines tho. Since the alix! BIOS Vendor: American Megatrends International, LLC. CPU Type Intel(R) Pentium(R) Silver N6005 @ 2.00GHz Current: 1148 MHz, Max: 1996 MHz 4 CPUs: 1 package(s) x 4 core(s) AES-NI CPU Crypto: Yes (active) Memory 16GB 4 x Intel(R) Ethernet Controller I226-V

It pulls in available updates to some pkgs when pfSense-upgrade is run which it is when it runs the update check on the dashboard. The pkg package itself is one of those in order to allow updates to other newer pkgs. This isn't a problem for existing installs because everything there uses pkg-static and hence the correct version for the install. But, as you found, can be confusing if you are running pkg commands manually. Steve

Yeah, it doesn't seem like a bug since it does it in every version I've checked, so not a regression. More like a missing feature. You can open bug reports a feature requests here: https://redmine.pfsense.org/

I just upgraded my "Test Box" from 2.6.0 to 2.7.0 , wo. uninstalling packages 1: Did a reboot 2: SSH to box , and (13) upgrade 3: Box auto upgrade reboot After a short while it began to answer pings (via OVPN L2L tunnel) , and i tried to connect to the Gui .. Nothing happened. Did a SSH , and a restart web interface , and then it answered. I think i might have been a bit to fast in trying to connect to the GUI, i gave it max 3..5 minutes (i3-7120U) All in all SUCCESS , all packages (even zabbix) installed wo probs. Well i had these messages (Squid), that i only use occationallyl, to debug some proxy stuff. [image: 1688460088625-309c6e32-9dfd-4f9a-8e3c-dcf466b470dd-image.png] I did a reinstall of squid , and a reboot. No messages was shown after the reboot. Thank you Netgate - Job well done Edit: 2.7 is running FreeBSD 14+ (As 23.xx plus) , and newer CPU's are using Speed Shift , not the "Old Speed Step". You need to tune it via System --> Advanced --> System Tunables. See https://forum.netgate.com/post/1108902 My i3-7130U was running a bit hot (IMHO) So i have set a value of 75 for each "Core ... HT counts as cores) - NB: The recommended value seems to be 80 , but i like 75 (a bit cooler) [image: 1688467515176-04ab6f18-7139-427f-8c99-4a1b900653e9-image.png] The (near idle) CPU went from 2400MHz to 800MHz Well i ended on the recommended value of 80 ... Let's see how it behaves with that setting /Bingo

@soulmaster179 have you looked at your NAT setting for lan to wan is that set to default? Has your firewall ever worked? Can you ping anything internally on the LAN from the firewall? Do you have port 53 or 853 in use for DNS to allow that traffic on your ACLs?

@stephenw10 Yes it does. I was willing to try this, but after many years of computers, I wanted to do my due diligence first. I used to do PDP8s. I learned to be careful about deleting things.

I'm back to running 2.6.0-RELEASE (amd64) and I'm a happy camper! pfsense appears to be as happy as I am. System says I'm on the latest version, no notices that stuff can't be upoaded, I've got a list of installed packages and they all are running! Life is good. [image: 1688417872591-c05a2dea-3cf0-466b-a6dc-fd112d829564-image.png]

Yes, you can upgrade to Plus from 2.6. You may want to wait until we switch the Plus upgrade repo to 23.05.1 so you can do it in one step. That should be happening imminently. The same precautions as the 2.7 upgrade apply there. The safest way to upgrade is to remove packages first. Steve

If pfBlocker (or some other package) gets hung up it's install script then subsequent packages might not get reinstalled. The upgrade from 2.6 to 2.7 is large and includes a PHP change which makes pkg issues like this more likely. Hence: https://docs.netgate.com/pfsense/en/latest/releases/2-7-0.html#upgrade-notes

The wireless interface type in pfSense is for wifi hardware in pfSense itself which is not what you have. Your access point should simply be connected to one of the LAN ports in the 2100. Devices that connect to the AP will just get an IP from pfSense in the LAN subnet. Later you may want to move those to a new subnet so you can filter between them but I would only attempt that after first making it work as part of LAN. The pfSense WAN should be set to PPPoE but that can only work if the upstream device is bridging the PPPoE connection correctly. Steve

@stephenw10 said in System General Logs flooded: Yes, it's fixed 'correctly' upstream now. it just wasn't accepted soon enough to be included in 23.05.1. https://reviews.freebsd.org/D39966 It will be fixed in 23.09. Steve You guys are the BEST. Thanks, Rick

@stephenw10 done

@AK_4_Life said in Using Static ARP vs IPVLAN: you will get a new IP every time you connect to the WIFI. As mentioned by JKnott if you have devices that might use different macs, and not really allow for assignment of specific IPs that you can then filter or schedule in your firewall rules based on the IP, since it could change. The best solution here is to put these devices on a common network(ssid) and then you can create your rules for the whole network/vlan and not really care what specific IPs might be in use - because all devices on this network get the same rules regardless of their specific IP.

I would try vmstat -i and make sure you see interrupts on both queues on each NIC when it's passing traffic.