You have to block using firewall rules.  We do block 443/HTTPS traffic to Facebook CIDR networks during regular office hours. For us, we block the following destination CIDR networks: 69.63.176.0/20 69.171.224.0/19 63.135.80.0/20 66.220.144.0/20 65.201.208.24/29 65.204.104.128/28 74.119.76.0/22 204.15.20.0/22 173.252.64.0/18 96.16.0.0/15

Ok so this seems to have something to do with me setting up an ipsec tunnel. I have a second pfsense install that I know was able to check for updates. I then setup a tunnel to another location and then noticed it could no longer check for updates. Nothing else has changed. Even if I disable ipsec it can still not check for updates. I have another tunnel I need to setup to another pfsense but I don't want to break that one too. Any ideas?

As I understand it, you need to use Microsoft's RADIUS implementation via IAS in order to authenticate PPTP sessions against AD. IAS doesn't need to be on the domain controller (it can be on a member server) but IAS needs to be installed somewhere and pfSense needs to be configured to auth via RADIUS against it.

I wouldn't worry about it too much. If you run the mount command when connected to the box you'll see the flash filesystems are also mounted with the synchronous option (from my ALIX setup below): /dev/ufs/pfsense0 on / (ufs, local, noatime, synchronous) devfs on /dev (devfs, local) /dev/md0 on /tmp (ufs, local) /dev/md1 on /var (ufs, local) /dev/ufs/cf on /cf (ufs, local, noatime, synchronous) devfs on /var/dhcpd/dev (devfs, local) Synchronous means the system will sync all writes and not return from a command until the write has been completed. Even if a power failure were to happen with the filesystem mounted read-write it shouldn't cause any lost data as commands don't return until the write is verified as on-disk.

@johnpoz You helped me. You gave me some good tips. There will be other - non technical - solutions which will stop this kind of traffic. It is just a kind of forensic :)

pfSense logs only to ram. If you need long term logging you will need to use a syslog server. See: http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog Steve

@balubeto: pfSennse 2.0.1 can also directly manage the PPPoA protocol No. @balubeto: or I are obliged to set the ADSL 2+ modem in PPPoA mode? Yes. Your ADSL modem will probably talk PPPoE to pfSense but pfSense needs something else to handle the carriage of PPP in ATM cells.

Numerous ISPs, and businesses that aren't ISPs but act as one (generally sharing their Internet amongst a building of other tenants), do exactly what you describe. Limiters generally the best for that type of usage, and the easiest to configure.

Check a sqlite sample on cpan. using DBD http://search.cpan.org/~msergeant/DBD-SQLite-0.31/lib/DBD/SQLite.pm http://mailliststock.wordpress.com/2007/03/01/sqlite-examples-with-bash-perl-and-python/ using DB http://search.cpan.org/~vxx/SQLite-DB-0.04/lib/SQLite/DB.pm Remember to create the sqlite database first att, Marcello Coutinho

The reason for going with a smoothwall, Endian, or untangled type of distro is the subscriptions for the web filtering, anti virus, spam control ect… As well as they, like mentioned have done a lot of work to make the underlying packages pfsense uses to work, in a much more solid versital form. I would love to run it all in one box but i have yet to see it possible to provide the features we need to meet certain security standards while keeping the speed there. And i am guess this is why I see a lot of people who have pfsense and untangled combo.

All right jimp. Thank you for your attention! ;) []`s Jack

That's always been the case. If the interface with the IP address configured upon it goes down, then the bridge goes down. The fix is to assign the bridge interface and make the bridge interface your LAN interface, so it has the IP address on it, and your wired lan and wireless lan interfaces would be assigned separately with no IP address on them. Search around the forum, it's been covered many times.

Quote from: timbp on Today at 06:03:49 pm Four hours later PPPoE stopped and I have not been able to get it to connect since. I'm not sure what you mean by that: the ppp log reported ppp had exhausted its connection attempts and exited?  can you post an extract from the log at that time? No I don't have logs from that time. Initially, I booted from a USB and installed to a hard disk. I then did the setup wizard, and everything worked perfectly. I spent some time setting up static IPs, rules and schedules, and eventually had a system that appeared to be doing everything I wanted. PPPoE was connected, I was watching a movie streaming from a NAS, one child was playing Xbox online while simultaneously using Skype, others were browsing Facebook, and everyone was happy. Then, about 4 hours later, the power supply to the modem was interrupted. I plugged it back in, and pfsense has not been able to get a PPPoE connection. I have unplugged and replugged all the cables multiple times, both to ensure they are connected, and because i have tried putting other old routers in place of the pfsense box – and they connect to PPPoE immediately. I have gone back to the start -- booted from a USB, installed to the hard disk, run the setup wizard, all exactly as I did the first time when it worked. I doubt I'll get back to this for a while now. I'm trying another firmware on one of the old routers. It doesn't have the flexibility in scheduled rules that pfsense has, but it may be sufficient. Thanks for your help anyway.