made an SH script to accomplish what I needed. thought I would share it. #! /bin/sh timeout=$1 sleeptime=$2 command=$3 # test pid is still around PIDActive() { pid=$1 test=`ps -p $pid | grep $pid` if [ -z "$test" ]; then return 1 fi return 0 } # run command & capture pid $command& commandpid=$! # What happens first? pid exits or timeout counter=0 while PIDActive $commandpid && [ "$counter" -le "$timeout" ]; do     sleep $sleeptime     counter=`expr $counter + $sleeptime` done # if we get to this point and the pid is still active, kill it PIDActive $commandpid && kill -s KILL  $commandpid

Exactly. I'm sure the dev team have thought about doing this before (the last time I suggested it perhaps!). There would be no point in starting anything without some sort of official sanction I think. Steve

ok, makes sense, it is leaving the lan interface OUT to the lan PC/client like you said. yes, there is a vlan interface that i didnt add the statistics for since it is rarely used.

Yeah - Don't go too crazy with how much RAM you give squid cache.  The Docs recommend no more than 1/2 and I've tried it higher and it was sort of flakey.  I'm only running 4GB on my home router.  Perhaps if you have 8 or 12 GB or more, you can allocate alot more than half.  Not sure.

No on 2.0.1. You can do that on 2.1 though. (System > Advanced, Misc tab, box is right under the sticky checkbox)

If you're using the built-in load balancer, it's unlikely to work in that way. You'd be better off with a package like HAproxy that has several different methods of maintaining a persistent client-server relationship.

You probably need to check System > Advanced, Firewall Tab, "Bypass firewall rules for traffic on the same interface"

Yup! I have 1000/1000 and speed betwen around 70 MB/s :)

i know. lack of time and some private stuff. have not worked on pfsense for a long time so i am starting from the  beginning.

OK, that's why I thought. This is a regression before our previous FW but all other stuff on pfsense make this nothing. Thanks you.

@Jason: @ilaurens: No idea, I do not have much experience with pfsense, nor how it works. But as far I know you can use pf_ring with snort to use multi cores. Why not give it a try, if you have 10gbit stuff laying around. https://www.google.nl/search?q=pfring+snort&oq=pfring+snort&aqs=chrome.0.69i57j0l3j69i62.1732j0&sourceid=chrome&ie=UTF-8#fp=aba73ede39cbb7b9&q=pf_ring+snort&safe=off&spell=1 Interesting.  Would this work with FreeBSD?  If so, I'd be in for a bounty on anyone who would be willing to integrate this into the pfSense package for Snort.  I'm actually less interested in this for 10Gbe speeds than I am for running on low-power hardware with multiple cores. Anyway, I think I've decided to go with a pair of Cisco Nexus 5548UP switches with the L3 modules to solve my routing issue.  I've talked to a few people who have installed them and they've all had solid experiences. I did read something about SnortSP Beta Shell-based user interface with embedded scripting language Native IPv6, MPLS and GRE support (This feature is now included in 2.9.x) Native support for inline operation (This feature is now include in 2.9.x) More subsystem plugin types such as data acquisition modules, decoders and traffic analyzers Multithreaded execution model - multiple analysis engines may operate simultaneously on the same traffic (There are certain subsystems of 2.9.x that are now multi-threaded) Performance increases The purpose of this program is to Source: http://www.snort.org/snort-downloads/snortsp/

Pretty standard stuff.  Looks fine, though I haven't actually tried sticking vLANs on a LAGG before. One thing to note is that depending on how much traffic passes between those vLANs you might find yourself bandwidth starved on 1Gbe links.

@apfusertoo: @rjcrowder: @apfusertoo: Third, I am used to the root shell in FreeBSD being csh, and would like to use that - is it safe for me to simply use vipw and change the root shell to /bin/csh ? I just changed the shell that gets executed for option 8 on the menu. Changed to (had to install first) Bash and it works fine… Ack … ok, this does work - it appears NOT to work, since .tcshrc will get executed no matter what, as long as it is there. So, if you want to change frmo tcsh to csh, you need to alter rc.initial and you need to remove your existing /root/.tcshrc file before your actual .cshrc file will get sourced... Thanks :) Ugh.  So that worked just fine … until I rebooted.  Now /etc/passwd file is back to /bin/sh for root, and the .tcshrc file was recreated for me.  The changes to rc.initial stuck, but I still don't get a csh shell because .tcshrc is recreated... How can I keep pfsense from recreating it ?  Other than maybe creating an empty file and chflagging it schg ??

Normally in those cases the ISP will route that block to whatever IP you receive on WAN. So you can use them internally on an interface or via 'other' type VIPs.

FYi. I re-assigned interfaces creating LAN addresses in made up 10.1.1.x range , restarted and got the webconfigurator to work. the rest would be reading and learning pfsense . thanks to NOYB who answered and to all who may have read.

Its a tweaked version of freebsd, so yeah those commands are pfsense commands

Recharged the UPS and now with halt (-h) command everything works as expected :) I`m posting this just in case someone should have same problem as me …