https://www.youtube.com/watch?v=ALZZx1xmAzg

Sounds like you want trace/debug logging. Kernels don't do that because of the huge performance hit. In some cases, something like 1/10th the speed. Kernels have very tight code and adding calls to log, would be horrible for performance. Kernels typically only log major events, initialization, and transitions. If you want logs from applications, then it's up to the application to do the logging. For everything else, there is DTrace. My limited understanding of logging.

Its not hard, just ask the right questions, give it a go.  ;) What dont you know? Edit: Worth starting a getting Dtrace to work on pfsense thread at this point?

I found out that one of my WAN had DHCP issues… pfSense didn't have the IP anymore and was doing weird things. Since I couldn't wait more I had to restart the firewall and this fixed, but thank you very much for the suggestion I'll use next time!

The mountroot is the last thing it displays to VGA before outputting everything to the serial console, it's not stopped there.

@jahonix: Then just stay with your external AP and place it where it best covers your plant. And forget about USB NICs/APs/KidsStuff in a router or firewall application. You've been warned often enough. Have edited the last post and will be using all internal devices ditching all the USB ones :) The reason I want to remove the ASUS AP is because I want to take it overseas with me and set it up there as it is required for a little project there. Also do you have any info on bonding two adsl i.e WAN1 and WAN2 using pfsense so they act as one connection if ISP provides right equipment and service on their end otherwise add another modem to the native port and make it act as WAN2 without the bonding? What are the advantages of each? I would be happy configuring WAN interface for seperate tasks and wouldnt be worried about overall download speed etc. Just that more people get to use the internet faster. Any suggestions or links? Appreciate the response

okay. Thank you. 2 more questions if you don't mind and can help :) First do you know of any steps I can take to prevent DDos attacks? I know of the SYN Proxy… But do you know of any other settings / firewall rules that might help with NTP and DNS DDos attacks? would it be safe to add NTP to NAT? and then point the NAT to a NTP server setup on a DMZ? as far as DNS protection is the best way to protect yourself from DNS DDos attacks using static DNS and setting up a Dynamic DNS in PFsense? I can only find the same 1 or 2 post about DDos protection :( AND THEN my last question I believe :) is there a easy way of getting rid of all these dhcp requests all the time in my logs? [image: DHCP%20ERROR.png]

Anything show up in the fw logs if you setup logging a rule for all your rules?

Whats the hw involved (wif & laptop nic) and OS's involved? Like Dok, I assume pfsense is somewhere in the mix?

so nobody has an idea since i posted the results of the requested command?

It's never idle long enough for state timeouts to matter. Its general unpredictability in problem circumstances makes it hard to say whether changing something actually had any impact.

The way ISA handled it was you have to restart the service, just like killing all states achieves in pfsense, but you couldnt do schedules in ISA and I dont know about the latest ones either as I've not looked at those. Today I've been testing pfsense 2.1/freebsd 8 and pfsense2.2/freebsd 10, its more difficult testing with FF on windows because even when you dont use Google as the search provider in the FF toolbar, your web activity is still sent back to Google and the cloud servers they hire like from Amazon, which then further "compliments" their search business a trick MS seems to have missed but the way FF & Google works makes it harder to keep track of the states as its opens up so many to do a distributed download from youtube amongst other things. I'll be hooking into FF & Windows at some point to examine the memory and thus just what exactly is being sent back to Google as we have a concept called privacy over here in Europe. So I will have to repeat the tests again with some other webbrowsers tomorrow but there is at least one minor change in behaviour in PF/pfctl between freebsd 8 & 10, but until I can come up with a test which can be repeated by others with more detailed steps its hard to prove the states killing isnt working properly using Windows or Linux with the technology most people have access to. @cmb: @Derelict: If I have a pass rule that passes, say, source 192.168.1.0/24 to an ssh server.  Then I change the rule to pass 192.168.1.0/25 and Apply Changes.  Should the firewall kill all states for source addresses 192.168.1.128-255 but not sources 192.168.1.0-127?  Are YOU going to write that code? That's just one example of many. It's impossible to do in a bug-free way. It's a hell of a lot of work to do in a way that would ultimately be buggy for a range of edge cases. Nothing ventured nothing gained, but a problem shared is a problem halved, I'm sure there's plenty of people who would like to chip in with their views as to what would be ideal or the best way to handle the different situations to kill off states. Even taking votes and having a discussion on what should happen and why is at least a democratic way to resolve & expedite some of the thought processes that will be involved in deciding how to handle some situations, which leaves the job of coding it an easier one as no one person can come up with all the ideas. Can the forum do votes? @Supermule: :D Its just because we are questioning basic design in pfsense. s/pfsense/basically every firewall in the world/ Feature suggestions are always welcome. This wouldn't be an unreasonable feature request. But acting like it's the end of the world and everything is shit because things work the way basically every firewall works isn't going to get you far. When its your business that keeps getting hacked, anyone who runs their own business knows its their baby and thus it can be for some the end of the world when you baby goes bust for reasons that are in other peoples or industry's hands. Whether the industry is right or wrong about allowing or even accepting dangling states and dangling sockets in Linux is a debate for another day, but finding a solution to dangling states will certainly elevate ESF above the rest if the problem is to be tackled and users want it to be tackled.

yup looks exactly what you were after - let us know how it works out.

You need help with your stuck Caps Lock and screaming in general.

Yeah, better to do a diff and use System Patches package to keep track of things.

Excellent. I'm glad I could help.

DO you have any packet captures to go back over when the problem occurred, that might be telling.

Enable log phys, phys2 and phys3 to get more verbose output, please