Use this…You can make a whitelist for the allowed subnet or users you want as well. https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers

https://github.com/pfsense/pfsense/pull/1832

I solve this one,… seems that we cannot use regular login and pass acc. We need to use login as usual, and unique key from dyn.com which will authenticate it properly. So yeah, its fixed but its really strange. thanks :)=

@Derelict: States created by scheduled pass rules are automatically deleted when the rule expires.  States created due to the absence of a scheduled block rule are not deleted when the block rule schedule fires. So if you want to block access to port 80 except during the hours of 1800-2100 do this: Pass tcp source KID network dest any port 80 schedule 1800-2100 Reject tcp source KID network dest any port 80 no schedule. When 2100 comes around all the states created by that scheduled rule will be deleted, stopping current connections. New connections will no longer match the scheduled rule will fall through to the reject rule and will be rejected. Had the same issue with my daughter playing CoD/CS ! Thanks for the detailed explanation !

In my case the problem was with Nas4free which was built on FreeBSD 10.1 something at the time.  Not %100 of the version at the time I noticed it, but it was within the past month or so.

iperf

It shouldn't – but that still doesn't solve the problem here (cron spam). It's only relevant to arpwatch. Even if arpwatch supported some other mail mechanism, should we decide to include this script in base as sendmail or if some other package uses it the crontab spam would still occur. (Re)moving sendmail to alleviate cron spam doesn't fix anything, it only stops the notifications from letting the admin know that shit's broken. Fixing the broken shit is the cure.

Thanks for the link. The recommended video did provide links to more sophisticated scenarios, but none yet reflect my particular circumstances. It has however clarified the forum area that I need to post to (probably NAT), so thanks for that and regards to Dr Strangelove? ;)

xx.xx.1.80-180(Vlan1), xx.xx.2.80-180(Vlan2) xx.xx.3.80-180(Vlan3) & xx.xx.4.180(Vlan4). No idea why you wouldn't put those scopes on a subnet boundary.  But I'm gay for easy rules later. Attached an image I did. Doesn't directly speak to your situation but gets the point across I think.  Just ignore the fact that I have the WAN VLAN everywhere.  You probably won't do that.  You'll probably have just one untagged port with your modem on it. [image: VLAN-pfSense.png] [image: VLAN-pfSense.png_thumb]

Sorry to drudge up an old topic, but how did the replacement card work out? I am looking at using that card as well.

https://github.com/pfsense/pfsense/blob/RELENG_2_2/usr/local/www/guiconfig.inc https://github.com/pfsense/pfsense/tree/RELENG_2_2/usr/local/www/csrf

https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall

here a patch to use with "system patches"-package: add a new patch, name it. Put the following into "Patch contents: --- sshd.orig +++ sshd @@ -102,1 +102,3 @@ - $sshconf .= "Ciphers aes128-ctr,aes256-ctr,arcfour256,arcfour,aes128-cbc,aes256-cbc\n"; + $sshconf .= "Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr\n"; + $sshconf .= "KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256\n"; + $sshconf .= "MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com\n"; Base directory is /etc/ Tick "Ignore whitespaces" At last tick "auto apply". save, test, apply when no errors. done

This is the reason  :- Stopped at 6449MB    :'( I bought Kingston SE9 G2 for replacement ;D Thank you all :) [image: sandisk8g.jpg] [image: sandisk8g.jpg_thumb]

Works just fine here. With dead pfSense versions, you are pretty much on your own.

You don't need multiple ports.  Search for Apache Virtual Hosts using your favorite search engine.  Also called name-based virtual hosts.