jimp Thank you for the straight forward reply… how did I miss that  ??? and i've been around pfsense for like 2 years now... I just never tried this... and been bumping my head against this for a while... I guess I kind of ignored it as I thought it was for multiple pfsense's?... actually I have no idea what happened in my head... Again, thanks for the reply!.

What I do to stay fit for me. Not need to be downloaded on the web too. I will get back with you.

Well you could enable "Deny unknown clients"  And create reservations for all your workstations. From a general security setting any ports not in use should be disabled, if users are plugging into unused ports those ports should be off in the first place. Now sure what your using for switching, but many managed switches provide for port security.  Look into cisco port security for example. http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html This can allow you prevent users from unplugging their workstations from the port on the wall and plugging in their devices.  Now if they are smart enough to change the mac your out of luck :) But this is more security than just not giving them a dhcp address.  You can also enable Static ARP entries in pfsense, now it will only talk to devices it has reservation for, etc.  This prevents users from just putting in a static IP on your network. You could look into a fullblown NAC or NAP.. http://en.wikipedia.org/wiki/Network_Access_Control Something like http://www.packetfence.org/ comes to mind.

Status -> DHCP leases will only show you clients that request DHCP addresses from pfSense.  To check for static IP hosts as well, head over to:  Diagnostics -> ARP table.

@Clear-Pixel: Until we find out how Cisco will affect the open source end of it if any, I suggest continue developing the snort package and refining it. Oh, I don't intend to abandon Snort at all.  Just looking at Suricata as another alternative to have in the package collection. Bill

Figures it would be in the one place I never go to,thank you for the help.

If you are on NanoBSD (e.g. CF) then it's not particularly sensitive. A full install without any extra packages probably wouldn't have any problems either. If you have packages with a lot of volatile data on the HDD such as squid, then you might have problems.

How old is the Soekris device? How much RAM does it have?

@jimp: The code on the backup page hides sections that do not exist in that config.xml If Aliases doesn't show up, then it doesn't exist in that config.xml It should show up in the Restore Areas section though, assuming you're looking on the target which has no aliases yet. Heh…  I assumed that since he was asking that there was actually something to export.

You can use the "Set interface(s) IP address" option to change it, or using the GUI (Interfaces > LAN) Using ifconfig would only work temporarily. Next time the system refreshed the interface or the firewall rebooted, it would go back to the setting in your config.xml

Known issue, see https://redmine.pfsense.org/issues/2495

Solved! It was actually what you, stephenw10,  suggested, TP-cables!! I changed both cables, restartet the Cable modem and Alix. Bang! Full speed again..even if if test it several times :-) (testing with nettfart.no) 66-70.3 Mbit/s 10.81 Mbit/s 4 ms Ping Thank you so much for helping me research this issue!!! For info: Alix 2D13 = been running for 1.5 years. PC = just a couple of days.. ;) Same fault appeared on Alix 2D13, with both pfSense 2.0.x and 2.1. Using Alix 2D13, pfSense 2.1, and downloading a 1Gb file.. the Alix used 25-31% CPU.

Any one ?

Are these network printers? If not then you need to run a print server such as CUPS. I think there's some information in the docs subforum about doing that but it's not supported in any way. Steve

thanks mate!

What you probably need is SNORT as IDS/IPS. I never used it but it is a detrusion prevention and detection system which allows you to block source or destination IP addresses to be blocked if there is any violation. Blocking can be done by time so that an IP/host will be blocked for 1h and after that can again access and of course - if there is violation again - blocks again this IP/host. Of packages forum there are some threads about snort and some really good threads and how-tos from user bmeeks how to use snort. You should have a lookt at this and reads the threads carefully to find what you need.

@jimp: On 2.1, if you enable the option to kill states when a gateway goes down, then all states are removed when a gateway goes down, not just the WAN-side states. Enable means checkbox is not selected, right? It seems I'm observing the same issue - I have this ckeckbox unticked and my server was not able to register to the external voip provider until I manually cleared the states through web gui.