• Reset logs from command line, how?

    2
    0 Votes
    2 Posts
    615 Views
    H
    You can create a new macro and execute that from the command line: https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell#Recording_and_Playback
  • PfSense crash when connecting to Guest Network

    2
    0 Votes
    2 Posts
    543 Views
    NeoDude
    OK, it would seem it is a known bug. It was due to the fact I was running CODELQ on both the parent interface and the VLAN.
  • What is the difference between LAN and OPT*?

    3
    0 Votes
    3 Posts
    14k Views
    M
    Thanks! Not sure how I managed to not find that page…
  • WAN interface issues

    3
    0 Votes
    3 Posts
    993 Views
    L
    Hello, I'm looking at my syslog server and I find the following log entries around every time the wan connection goes down:
    Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[93325]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc)
    Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[93770]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout)
    Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[94091]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout)
    Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[94344]: (root) CMD (/usr/local/pkg/swapstate_check.php)
    Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 /usr/sbin/cron[94545]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot)
    Dec 15 10:59:59 10.1.1.65 Dec 15 11:00:00 cron[93249]: (root) MAIL (mailed 46 bytes of output but got status 0x0001 )
    Dec 15 11:00:00 10.1.1.65 Dec 15 11:00:00 cron[92957]: (root) MAIL (mailed 74 bytes of output but got status 0x0001 )
    Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[30482]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc)
    Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[31532]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout)
    Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[32008]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout)
    Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[31725]: (root) CMD (/usr/local/pkg/swapstate_check.php)
    Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 /usr/sbin/cron[32172]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot)
    Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 cron[30438]: (root) MAIL (mailed 46 bytes of output but got status 0x0001 )
    Dec 16 11:00:00 10.1.1.65 Dec 16 11:00:00 cron[30168]: (root) MAIL (mailed 74 bytes of output but got status 0x0001 )
    Any idea what could be happening?
  • VLANs and Parent Interface

    15
    0 Votes
    15 Posts
    12k Views
    johnpoz
    "By not mixing T and U traffic on one IF it is likely more overseeable, don't you think?" To be honest I don't see it as an issue, while I completely agree with KISS and why overcomplicate things. Not having any settings on an interface tends to confuse new users. So if they can think of that as network ABC, and then adding vlans on top of that, it's pretty simple. But you have a talking point, sure. But then you're doing it opposite to the end machines - you don't tag the port that the end device is connected to. If you do, then you have to set the end device to understand the tag. So no matter how you look at it, you're going to be running tagged and untagged when you start to vlan. So how is it any different for your router vs your workstation? Just in the router you need to tag the traffic for the other vlan lans it's routing, etc.
  • MOVED: SquidGuard question

    Locked
    1
    0 Votes
    1 Posts
    446 Views
    No one has replied
  • VLAN trunking

    14
    0 Votes
    14 Posts
    2k Views
    A
    @roy2019: "My switch just normal unmanaged Gigabit switches" Then you need to replace it with a proper one.
  • Email - GSuite

    4
    0 Votes
    4 Posts
    1k Views
    KOM
    Oh right, I forgot you have to authorize apps to access your Google stuff.  Thanks for the reminder.
  • PfSense - logging makes no sense

    Locked
    17
    0 Votes
    17 Posts
    3k Views
    dennypage
    @doktornotor: "And of course, the absolutely top priority with firewalls is exporting non-unique, often non-descriptive user comments into remote syslog. That's #1 to consider when choosing a firewall solution." Missed you Dok. :)
  • SSH (User - System - Copy files)

    11
    0 Votes
    11 Posts
    5k Views
    jimp
    Before we had a proper pkg building system someone must have hand configured the options for the version it pulled, I didn't see anywhere we set them. I pushed a change to fix the options up so it'll come through with the next update. pkg is smart enough to pick up that the options changed and it needs a nudge on the client side.
  • MOVED: Logging is basically non-existing on pfsense/pfblockerNG

    Locked
    1
    0 Votes
    1 Posts
    294 Views
    No one has replied
  • PfSense and bandwidth caps

    3
    0 Votes
    3 Posts
    955 Views
    H
    995kb/s is roughly 10GiB/day. If you want to limit bandwidth, then just use limiters to set to this. If you want to manage volume, then you're talking about data caps, not bandwidth.
  • New at this - Subnets, CIDR and Segmenting My Network

    29
    0 Votes
    29 Posts
    4k Views
    A
    Roger that.
  • Can't Access a Specific Website

    6
    0 Votes
    6 Posts
    2k Views
    Derelict
    It's a mystery. Packet capture I guess. If the SYN is going out with no SYN/ACK in return something upstream is blocking.
  • Load Balancer: relayd exiting!

    2
    0 Votes
    2 Posts
    1k Views
    jimp
    The error suggests that a process was unexpectedly killed. Were there no other errors nearby in the logs? The main system log perhaps? Given the choice, I would always pick HAProxy over relayd for any task that HAProxy can handle. The relayd balancer is OK for small/simple things but it's hard to beat the flexibility and reliability of HAProxy.
  • PfSense ready beeps

    3
    0 Votes
    3 Posts
    818 Views
    B
    Thanks, I couldn't find it. The frequency of the beeps is somewhat dim for my hearing. So I changed it to:
        beep -p 2860 20
        sleep 0.1
        beep -p 3050 20
        sleep 0.1
        beep -p 2860 20
        sleep 0.1
        beep -p 3050 20
        sleep 1
        beep -p 2860 20
        sleep 0.1
        beep -p 3050 20
        sleep 0.1
        beep -p 2860 20
        sleep 0.1
        beep -p 3050 20
        sleep 1
        beep -p 2860 20
        sleep 0.1
        beep -p 3050 20
        sleep 0.1
        beep -p 2860 20
        sleep 0.1
        beep -p 3050 20
  • 90 Million Max Firewall States Possible?

    6
    0 Votes
    6 Posts
    931 Views
    jimp
    A firewall is not a DDoS mitigation device. Some cases can be helped by a firewall, but as has been mentioned, it's a problem best solved upstream or with specialized hardware that is dedicated only to DDoS mitigation.
  • MOVED: Setting up Internet Data Quota

    Locked
    1
    0 Votes
    1 Posts
    390 Views
    No one has replied
  • [SOLVED] Can't get any notifications via mail from pfsense.

    9
    0 Votes
    9 Posts
    3k Views
    Kalle13
    That's right. I have the luck that my server is in my network next to my pfSense router. That's why I can do it the easy way. My ISP - as many others - simply blocks all outgoing connections to 'port 25' (smtp) except their own mail server. A couple of months ago my ISP was also blocking port 25. My solution was to call them and to ask if they would unblock the port and they did. ;D cheers Kalle
  • Pfsense without NAT

    3
    0 Votes
    3 Posts
    2k Views
    I
    Is this possible or am I talking broken biscuits? For my domain users I push out a certificate from the Sonicwall to all domain computers via GPO so I can utilize DPI-SSL. Could I use this certificate on Pfsense Captive Portal so BYOD users have to accept it when they are presented with the CP? This way I could then capture SSL traffic.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.