Got it. Used Wire Shark and then plugged it in to the network and saw the ARP request :)

MITM in India? People do that? https://www.youtube.com/watch?v=o66FUc61MvU

I have to say I would always advise you leave outbound NAT set to automatic unless you really need to set manual rules. The suggested rule should work though. @jonfil0130: When I check the Status "Gateway" its only the WAN interface that's online This implies there might be more than one gateway. A common mistake is to add a gateway to the LAN interface which is almost always incorrect. Remove it if you have and then make sure the WAN gateway is set as default in System: Routing: Gateways: @jonfil0130: for WAN there's 2 default rules which are both under "BLOCK". Maybe its something to do with the routing that's why i can't go online thru LAN. The two rules you are seeing 'block bogons' and 'block private networks' are not a problem if your WAN interface is receiving a public IP via PPPoE. Even if it isn't it won't prevent internet access from LAN. Steve

I stumbled upon an interesting article about Windows RWIN auto-tuning that may have answered my question (router does not impact RWIN).  Everyone who uses Windows 7/8 should read these observations: https://www.duckware.com/blog/how-windows-is-killing-internet-download-speeds/index.html

@willdashwood: Hello, I know that the recommend way to manage things is via the web gui but I prefer using SSH for search for IP that are blocked. Unless I'm missing something, the web gui doesn't seem to have the ability to search for IPs on either the alert list or block IP list so I just use grep grep IP /var/log/snort/snort_igb163179/* So I'm happy with that but when I find a rule that's been triggered and it's a false positive, it would be handy to be able to suppress that rule via SSH. What's the best way of doing so? I can see our suppress list is here: /usr/pbi/snort-amd64/etc/snort/snort_63179_igb1/suppwansuppress_5436571eeaef6 So I could just append the rule ID to that file but presumably I would need to restart the service for it to take affect and I'm not even sure how to do that via SSH. Is there a better way? Thanks Will Sorry, but no better way.  You have the basic mechanics for part of the process down, but your solution will not be satisfactory in the longer term. That's because there is one big problem there is no solution for.  The text file you found is recreated each time a SAVE operation occurs within the Snort GUI.  It is also recreated each time the rules are updated by the automatic update process.  This occurs by the GUI calling a custom PHP function within the Snort GUI code called "sync_snort_package_config()".  So changing that text file will prove to be very short-lived. You can restart Snort easily by executing the rc script and passing it either "stop" and then "start", or just "restart".  The script lives here: /usr/local/etc/rc.d/snort.sh So something like this after updating that text file you found: /usr/local/etc/rc.d/snort.sh restart As mentioned above, this is really not a long-term solution.  The actual content of the Suppress List is stored as Base64 data within the config.xml file containing the entire pfSense configuration.  The contents of that data is what gets actually updated during the SAVE operation, then it is decoded and written to the text file you referenced. Bill

@jimp: 1- Menu option 13 2- Copy /conf/config.xml I didnt have console access, however I got it figured out :)

Does restarting the GUI and/or PHP-FPM from the console/ssh help? I can't seem to reproduce it here but I'm on a current build.

Unfortunately I suspect the critical funding level will be higher than any bounty can raise in purely economic terms. More likely someone who does IOS apps everyday will find themselves wanting this and just do it. There is already a 'mobile' theme that is triggered by detecting the client as IOS or Android (or by thee browser version?). It would seem to be quite straight forward to have an 'app' send a user agent string that triggers a different theme. It would be nice to have something that didn't rely on the webgui at all. It might be completely impractical, I have no idea. I could imagine something that connected via SSH and edited the config file. Would probably be far more work though. There must be other similar management apps that have solved these problems before, lets not reinvent the wheel here. Steve

Status->Traffic Graph might give you enough info now to get you looking in the right place without installing other packages..

Thank you, Steve.  I appreciate your insight.

Hmm, you've bridged three different types of interface. Does the error appear for all three types? Steve

Hi Firewalluser thank you for your reply..much appreciated..I will try that for sure :)

Have you actually tried just replacing the binary? Steve

Hi, You've probably figured this out now, but on the Firewall/Aliases page, to the top-right is a cog. If you click this, then select the table corresponding to your alias' name, you can manually delete entries without a reboot. Dooby

There have been a couple minor things found/fixed after 2.1.5, but the only one of any note is the GUI issue that some have with cached CSS and/or local fonts that can cause the Help menu to wrap under the system menu. Search around, there are probably a dozen or more threads about it, but it's easy to work around and does not impact traffic or services.

Post editing is only available for a limited time, 14 days perhaps. I'm uncertain. It used to be much longer which was handy for someone like me who makes loads of typos, I would correct them whenever I read back through a thread. The downside is that by editing older posts you are changing the historical record. It's possible to make sn otherwise useful thread completely unreadable by removing some piece of key information. Steve