• Is this still valid

    0 Votes
    3 Posts
    509 Views
    stephenw10
    [2.4.5-RELEASE][admin@244dev.stevew.lan]/root: pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/arp-scan-1.9.7.txz
    Fetching arp-scan-1.9.7.txz: 100% 333 KiB 340.8kB/s 00:01
    Installing arp-scan-1.9.7...
    Extracting arp-scan-1.9.7: 100%
    [2.4.5-RELEASE][admin@244dev.stevew.lan]/root: rehash
    [2.4.5-RELEASE][admin@244dev.stevew.lan]/root: arp-scan
    Interface: vtnet0, type: EN10MB, MAC: 9z:86:v8:d6:7b:52, IPv4: 172.21.16.180
    Usage: arp-scan [options] [hosts...]

    Target hosts must be specified on the command line unless the --file option is given, in which case the targets are read from the specified file instead, or the --localnet option is used, in which case the targets are generated from the network interface IP address and netmask.

    You will need to be root, or arp-scan must be SUID root, in order to run arp-scan, because the functions that it uses to read and write packets require root privilege.

    The target hosts can be specified as IP addresses or hostnames. You can also specify the target as IPnetwork/bits (e.g. 192.168.1.0/24) to specify all hosts in the given network (network and broadcast addresses included), or IPstart-IPend (e.g. 192.168.1.3-192.168.1.27) to specify all hosts in the inclusive range, or IPnetwork:NetMask (e.g. 192.168.1.0:255.255.255.0) to specify all hosts in the given network and mask.

    These different options for specifying target hosts may be used both on the command line, and also in the file specified with the --file option.

    use "arp-scan --help" for detailed information on the available options.

    Report bugs or send suggestions at https://github.com/royhills/arp-scan
    See the arp-scan homepage at https://github.com/royhills/arp-scan
  • Last config change in shell

    0 Votes
    9 Posts
    367 Views
    E
    Well this got out of hand pretty fast, haha. At least it was a good learning experience. It's not easy to get memory stats out of this thing! I have not finished editing to make sure everything is perfect and portable but for now this works well on an sg-1100 which is the target system(s). On to the next project!

    #!/usr/bin/env sh
    #The purpose of this script is to collect system information for use with mailreport package.
    #TODO: See notes in comments - rounding memory calculations with bc

    #Variables for searching logs
    datesearchclog="`date '+%b %e'`"
    datesearchpfb="`date '+%m/%d/%y'`"

    #Basic system summary
    cat /etc/platform /etc/version
    echo -n "Last config change: " ; date -r `awk -F '[;:]' '{print $4}' /cf/conf/backup/backup.cache` && awk -F '["]' '{print $4}' /cf/conf/backup/backup.cache
    echo
    echo "SUMMARY - See load avg last 1, 5, and 15 minutes" ; w

    #CPU utilization checking
    cpuload="`uptime | /usr/bin/sed 's/^.*: //'`"
    cpuload5="`echo $cpuload | awk -F '[. ]' '{print $3}'`"
    if [ "$cpuload5" -gt "1" ]; then
      echo "WARNING! 5 MIN CPU LOAD HIGH:" $cpuload5
      echo "Top CPU"
      ps -auxw | head -1 && ps -auxw | sort -nr -k 3 | head -5
      echo "Top TIME"
      ps -auxw | head -1 && ps -auxw | sort -nr -k 10 | head -5
    fi
    echo

    #MEM information and utilization checking
    #vmstat -ah
    top | head -4 | tail -1
    totalmem="`sysctl -n vm.stats.vm.v_page_count`"
    if [ "$totalmem" -gt "0" ]; then
      inactivemem="`sysctl -n vm.stats.vm.v_inactive_count`"
      cachedmem="`sysctl -n vm.stats.vm.v_cache_count`"
      freemem="`sysctl -n vm.stats.vm.v_free_count`"
      usedmem=`echo "$totalmem - ($inactivemem + $cachedmem + $freemem)" | bc`
      memusage=`echo "($usedmem * 100) / $totalmem" | bc` #round with bc?
      physmem=`sysctl -n hw.physmem`
      physmemh=`echo "$physmem / (1024*1024)" | bc` #round with bc?
      echo "Mem:" $memusage"% of" $physmemh"M used."
      if [ "$memusage" -gt "60" ]; then
        echo "WARNING! MEMORY USED HIGH:" $memusage"%"
        echo "Top MEM"
        ps -auxw | head -1 && ps -auxw | sort -nr -k 4 | head -5
      fi
    else
      echo "ERROR READING MEM PAGE COUNT!"
    fi
    echo

    #DISK information and utilization checking
    df -hl / /var/run
    diskused="`df -h / | /usr/bin/tail -n 1 | /usr/bin/awk '{ print $5 }' | /usr/bin/cut -d '%' -f 1`"
    if [ "$diskused" -gt "60" ]; then
      echo "WARNING! PERCENT DISK USED HIGH on /:" $diskused"%"
    fi
    echo

    #LOGS - provides more detail and filtering than mailreport package offers
    echo "Filtered Log Output"
    #grep is piped into tail here: a bare "tail -n 20" with no file argument would block reading stdin
    [ -f /var/log/pfblockerng/error.log ] && echo "Log output: pfblockerng Errors (pfblockerng/error.log)" && grep -e "$datesearchpfb" /var/log/pfblockerng/error.log | tail -n 20
    echo
    [ -f /var/log/filter.log ] && echo "Log output: Firewall (raw) - Admin Interfaces GUEST (filter.log)" && clog /var/log/filter.log | grep -e "$datesearchclog" | egrep "1566350082" | tail -n 20
    echo
    [ -f /var/log/filter.log ] && echo "Log output: Firewall (raw) - Combined Blocklist (filter.log)" && clog /var/log/filter.log | grep -e "$datesearchclog" | egrep "1597881531|1597881664" | tail -n 20
    echo
    [ -f /var/log/filter.log ] && echo "Log output: Firewall (raw) - GeoIP Regions (filter.log)" && clog /var/log/filter.log | grep -e "$datesearchclog" | egrep "1599316667|1599316737" | tail -n 20
    echo
    [ -f /var/log/gateways.log ] && echo "Log output: Gateway Events (gateways.log)" && clog /var/log/gateways.log | grep -e "$datesearchclog" | tail -n 20
    echo
    [ -f /var/log/ntpd.log ] && echo "Log output: NTP (ntpd.log)" && clog /var/log/ntpd.log | grep -e "$datesearchclog" | tail -n 20
    echo
    [ -f /var/log/routing.log ] && echo "Log output: Routing (routing.log)" && clog /var/log/routing.log | grep -e "$datesearchclog" | tail -n 20
    echo
    [ -f /var/log/system.log ] && echo "Log output: System (system.log)" && clog /var/log/system.log | grep -e "$datesearchclog" | egrep "fail|emerg|alert|crit|err|warn" | tail -n 20
    echo
    [ -f /var/log/watchdogd.log ] && echo "Log output: watchdogd (watchdogd.log)" && clog /var/log/watchdogd.log | grep -e "$datesearchclog" | tail -n 20
    echo
  • Weird Traffic in Status > Monitoring

    0 Votes
    8 Posts
    805 Views
    Rico
    Yes seeing this in 2.4.5-p1, already tested with 2.5.0.a.20200911.0650 yesterday and it's the exact same. -Rico
  • pFsense - Easyrule

    0 Votes
    4 Posts
    822 Views
    stephenw10
    Do you mean alias or firewall rule? Using Easyrule like that would normally add a new block firewall rule on LAN. What exactly are you trying to do by doing that? If it's the same IP you should just enable or disable the rule from the GUI. Steve
  • Usermanagement

    0 Votes
    2 Posts
    338 Views
    DaddyGo
    @TCP-IP said in Usermanagement: adding a user in pfsense who has only these privileges: Hi, Do you mean something like that? https://docs.netgate.com/pfsense/en/latest/usermanager/group-manager.html https://www.youtube.com/watch?v=fOiJ0N2k1mM
  • Pfsense networking/hardware configuration setup

    0 Votes
    7 Posts
    837 Views
    S
    Before I found pfSense I have already hardwired my IoT's. So now the only new addition has been smart switches wifi cameras. motions light and temp sensors. The issue would be wifi plus due to my current limitations the server will be in the basement if I end up setting up mesh of wireless network the cost ends up going high. This is stuff I have just lying around so I would use this plus if in the future I want to wire my house to have another network for work purposes I can run a cable to my switch is located in a convenient place.
  • 0 Votes
    6 Posts
    640 Views
    johnpoz
    @gawainxx said in Need help setting up a script to run and log tracert and ping tests when latency and packet loss exceeds a certain point.: so it's detecting the ISP modem as the GW. Well if pfsense is having problems pinging your ISP device.. Then it's either that device, or the connection to said device.. That would have nothing to do with the actual internet connection.
  • pfSense: unable to retrieve group membership

    0 Votes
    2 Posts
    450 Views
    stephenw10
    It actually shows you that error or it just returns no groups? Do those groups exist in pfSense with identical names? Why are you running that old version of pfSense? You should upgrade when you can. Steve
  • How can I get the ntp.conf file from the NTP service?

    0 Votes
    2 Posts
    411 Views
    stephenw10
    In Diag > Command Prompt use the download field to get it from /var/etc/ntpd.conf. Steve
  • Unbound /var/unbound/root.key file is corrupt

    0 Votes
    2 Posts
    975 Views
    stephenw10
    You should not have to but you could try to manually recreate the key: https://forum.netgate.com/post/510554 Though if it was doing that immediately after the initial install I would suggest something went wrong there. Did you try just re-installing? Steve
  • 0 Votes
    4 Posts
    1k Views
    stephenw10
    Ah, so more likely then it's not a conflict but that your ISP is handing you a technically invalid gateway that's outside the WAN subnet, which is only a single address. Fun. There is an option to allow that for providers who decide to ignore the standards. In System > Routing > Gateways edit the dhcp gateway and set 'Use non-local gateway' in the advanced section. Steve
  • WAN interface stops working every few days.

    0 Votes
    54 Posts
    9k Views
    stephenw10
    Urgh. Good luck! At least you have some sort of answer I guess. The fact existing connections stay working really makes it seem like some sort of state exhaustion. That would still have to be somewhere upstream though if pfSense is doing PPPoE, the USB router would not see those states. Steve
  • No internet access on SG-1100 with a Static Wan address.

    0 Votes
    6 Posts
    1k Views
    johnpoz
    So when you put in the sg1100 vs the other one - you actually rebooted the cable modem.. When you change devices connected to a cable modem you almost always have to power cycle them.
  • No backups in Auto Config Backups

    0 Votes
    9 Posts
    758 Views
    D
    Confirmed, it seems to be fixed now. Thanks.
  • PPP doesn't automatically reconnect after LCP timeout

    0 Votes
    6 Posts
    1k Views
    stephenw10
    Ah, sorry I see that now. Hmm. Does it happen every time it loses link? Seems like it must be either specific to your provider or maybe something in the card, different firmware version? I know quite a few people are using that modem. Can you test a different cell provider? Steve
  • How to monitor your internet connection speed

    0 Votes
    4 Posts
    682 Views
    johnpoz
    There is nothing saying that could not run on a VM, or sure create a docker for it. I see nothing in that code specific to a pi.. Prob even run on pfsense, python really. The best part about that example was the sending to the outside service to track results, and use that service to know if you need to get alerted.. Since if your internet is say down, you sure are not going to get an email, etc. And they have the alerting stuff already coded to look at variables you're uploading..
  • Cannot use remote desktop? [SOLVED!]

    0 Votes
    19 Posts
    20k Views
    S
    @networknut Wow! I have been struggling with this for months! This makes no sense but it bloody works. I had the same problem with OPNSense as well and logically the same rules should fix the problem in that as well.
  • How to prevent access to pfSense web and SSH console from an OPTn network

    0 Votes
    2 Posts
    188 Views
    Rico
    Sure...there are many ways to do this. Here is one in the Netgate docs: https://docs.netgate.com/pfsense/en/latest/firewall/restrict-access-to-management-interface.html -Rico
  • 0 Votes
    12 Posts
    3k Views
    G
    @johnpoz Good point
  • Cannot ssh from firewall to LAN

    0 Votes
    21 Posts
    2k Views
    L
    Thanks very much for all of your help on this. I've done as you suggested and all is working as it should be now. Thank you for sticking to this topic and sorry for taking so long to get back to it. I have way too many tabs open :).
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.