@heavy1metal: I'd go with Kejianshi's idea. Though for social media sites, I'd block every purchased IP range they own, thus blocking both site and chatting features… Google's DNS names for messaging services: https://support.google.com/chat/answer/161980?hl=en restrict access to use only your DNS servers: https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers Regarding the link to the "blocking DNS" entry on the wiki: This: http://www.interspective.net/2012/07/pfsense-ntp-and-network-sneakery.html Can be applied to DNS too. I enable this "feature" sometimes for my girlfriend for facebook when she has to study. The rule to block facbook would look something like this: address=/facebook.com/62.112.159.61 The relevant page in the wiki for this is: https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder

Might also want to reference my original thread http://forum.pfsense.org/index.php/topic,66234.0.html since the backed out patch looks remarkably like the one that was proposed there and where I raised my concerns as to whether comparing the interface address against $vipent['subnet'] will work (I think it won't). If possible, the two threads should probably be merged.

Yes but like I say if you have the same ISP you may end up with the same gateway on each WAN which confuses the gateway monitoring daemon. If you have PPPoE on each WAN you can just change the address being monitored to some other remote IP. If your WANs are dhcp you'll need to take other steps. One possible solution in that case is to leave the modems as routers so that pfSense sees the modem as its gatway. May not be an issue for you. Steve

I know this method based on the gui. I want to do the same from the shell :     1. Restore config.xml.     2. Install automatically packages requiered. Thanks, Yannick

Indeed, everything looks good. Steve

Route changed and connecting fine now.

@kejianshi: Well - I'm either not smarter than you or I'm just hoarding my arcane wisdom.  You decide  :P :|

@Lord_Palethorn: But wouldn't squid help lower the http traffic? (youtube / ustream / steam / ..) so there will be more bandwidth available for gaming? It will to a certain extent but Squid can cause problems for online games that authenticate through http but not for the actual game traffic (Many F2P games do so and I've had it break Blizzard Battlenet as well). Furthermore, you will only save the bandwidth if the data set is repeatedly accessed.

I also see this - could be related as well?: Sep 16 19:38:54 apinger: rrdtool respawning too fast, waiting 300s. Sep 16 19:38:54 apinger: Error while feeding rrdtool: Broken pipe

That will be a WAN interface, effectively, with a private IP. Have you unchecked 'block private networks'? Steve

Ok. Thanks a lot.

Yesterday I decided to do a clean install of 2.1-RELEASE on the same machine and restore a current config with all same settings.  I then reinstalled all same packages with same settings and the issue appears to have gone away for the time being.  Yes, I am using Aliases on a limited basis.

Okay, I might have found a solution for this. Add: dev.igb.0.enable_lro=0 dev.igb.1.enable_lro=0 to /etc/sysctl.conf and restart the pfSense. This solved my IPv4 speed problem.

Well, good to have it narrowed down. Quite some packages have been untouched for years and definitely need polishing for 2.1 (or even 2.0)

a quick search turn up with those:- Squid + SquidGuard Hope this helps