• Newb alert: Can I run 2 pfsense firewalls

    3
    0 Votes
    3 Posts
    961 Views
    OK. Gotcha. Thank you. I'll look into it
  • Bridge across LAN ports

    9
    0 Votes
    9 Posts
    2k Views
    stephenw10
    It's been answered plenty of times, the OP has done it correctly here. If you bridge the interfaces and move filtering from the bridge members to the bridge interface then the resulting interfaces will behave like a switch. It will be much slower than even the cheapest switch (in most cases) but there are advantages. You can filter traffic between the ports for example. There are legitimate reasons to do this, buying a quad port NIC just to bridge them is not one of them. I have 3 interfaces bridged on my home box here. It has 10 NICs, they aren't removable and I don't need 10 subnets. The box cost me £40.  ;) Steve
  • Anonymouse-Proxy

    8
    0 Votes
    8 Posts
    2k Views
    Yep - Now you have to block every proxy service on earth by name or IP also….  Good luck.
  • L2TP/IPsec question

    3
    0 Votes
    3 Posts
    872 Views
    Thanks jimp
  • For school; students blocked from sites that teachers are allowed. How to?

    Locked
    10
    0 Votes
    10 Posts
    3k Views
    You could indeed block https entirely for students …. In the schools I work, the students NEED access to dozens of https sites to be able to do their tasks, because teachers implement new educational websites that require login/passwords. This would force me to "white list" a couple of https sites on a weekly basis. I don't have the time for that.
  • PfSense throttling WAN bandwidth?

    24
    0 Votes
    24 Posts
    5k Views
    Sorry - Mixed my apples and oranges. Did he try switching LAN and WAN?
  • RUDP?

    2
    0 Votes
    2 Posts
    887 Views
    jimp
    I suppose that depends on how it's implemented. It looks like it can run over standard UDP just with its own payload format, in which case it would look no different to pfSense than normal UDP and wouldn't require any special handling.
  • Constant HDD activity

    4
    0 Votes
    4 Posts
    1k Views
    jimp
    There are parts of the system that write periodically. Logs, gateway status, graphs, and several other things could be getting written to the disk, though it shouldn't be completely constant. If you run "top -aSH", press 'm' to switch to i/o view which will show you which active processes are writing/reading at the time. The normal top view is CPU only and wouldn't tell you much about the disk.
  • Set maximum login attempts HTTPs admin

    3
    0 Votes
    3 Posts
    2k Views
    jimp
    The system tracks failed logins and if there are too many (I believe it's 15 in 5 minutes) then it blocks the offending IP for a couple hours to discourage brute force attacks.
  • Weird RRD Graphs average 40% packet loss normal? - Optus Cable AUS

    13
    0 Votes
    13 Posts
    3k Views
    OK. Thanks everyone for their input.  It seems there does seem to be an issue with apinger….but... the main issue seems to stem from an IP phone plugged into the network (SNOM 720).  Once it was disconnected.. BAM! Problem disappeared.  Still waiting for enough time for the RRD graphs to verify this, but this seems to be the case. Here is the graph from bandwidth (obviously from later than OP post): [Traffic graph] BTW.. My ISP plan with Optus Cable is 100Mbit/1.5Mbit :(
  • Stupid noob config question..!

    4
    0 Votes
    4 Posts
    1k Views
    Well I have no idea what happened.. I changed nothing yet over night suddenly it's working… very strange indeed. I think maybe my DNS hadn't updated. Not ideal but at least it's working. I just need it for an assignment for uni. Thanks guys
  • Can't bind squid to loopback

    2
    0 Votes
    2 Posts
    1k Views
    No one has any explanation for this issue? I just want to understand where the problem is, even if the solution is pretty obvious (that is, don't bind squid to loopback). If someone maybe can explain to me why this problem occurs, that would help me a lot :)
  • Adding pfSense web certificate into Google Chrome

    6
    0 Votes
    6 Posts
    6k Views
    KOM
    I played with transparent HTTPS proxy a few months ago but I'm not running it at the moment.  Yes, when I did go to HTTPS sites I didn't get any MitM warnings.
  • Traffic shaping went wrong

    1
    0 Votes
    1 Posts
    709 Views
    No one has replied
  • Kernel error on IP change of OpenVPN link

    1
    0 Votes
    1 Posts
    655 Views
    No one has replied
  • Lost WAN connection, can't understand why. How to read logs?

    2
    0 Votes
    2 Posts
    622 Views
    KOM
    Status - System Logs is the first place to start.  From there, select the tabs that may hold detail you need eg. General and Gateways.
  • Multiwan and static ips

    1
    0 Votes
    1 Posts
    650 Views
    No one has replied
  • Interface hotplug not working

    1
    0 Votes
    1 Posts
    479 Views
    No one has replied
  • Limit Traffic After Certain Amount of Time or Amount

    2
    0 Votes
    2 Posts
    549 Views
    KOM
    Not that I'm aware of.  You can create firewall rules that adhere to a schedule, but not like what you're asking about where it's targeted per IP with timeouts.
  • Nano with 8GB / 16GB cards: How to?

    10
    0 Votes
    10 Posts
    2k Views
    @chemlud: Cards are getting bigger and cheaper and the larger the partition the lower the wear-out due to repeated use of cells? Just a short version of reasons. This isn't correct.  All modern cards I've encountered will wear-level across all cells, regardless of how large your partitions are.  Using partitions larger than you need can actually prevent wear-leveling from happening correctly depending on how your file system handles deletes.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.