@jimp Thanks. Its fine now.

Yeah I would suggest you post in your native language section, or for sure draw this up.. The only thing you should be plugging into from your ISP is wan interface of pfsense. If your running it through a switch then the proper vlans need to be setup.

The default block rule should take care of that. Just allow only the traffic you want everything else will be blocked. Yes, it's better to use the narrowest allow rules you can to void ever accidentally allowing access to something you didn't want to. Steve

Should be simple to fix that now that we can easily disable it. I added https://redmine.pfsense.org/issues/9001 to track it.

Rebooted a few times and now the error is gone but it's gotten really slow to almost not workable anymore, the router still works, however the webpages are have gotten really slow to the point where they don't load anymore.

All known XSS issues have been fixed. If you have found what you believe to be a new or otherwise uncorrected XSS, please follow the procedure at https://www.pfsense.org/security/ and report it privately.

I just figured out, in my case, that I could just call my script like this and shellcmd launches it and continues as normal daemon -f python2.7 /path/to/script/service.py

@emammadov @emammadov said in Updating to 2.4.4 version is safe now?: @luisrafael I don't click update. I try to test it in fresh installed 2.4.4 version and restore config.xml. You think this way is not safe too? If you have a fresh installation 2.4.4 maybe you don't have problem with the packages. I update 2.4.3 to 2.4.4 ... and squid package didn't work. Now i update freeradius3 and i have the "some" package not work. Is it stable for me ? thanks

OK, I opened https://redmine.pfsense.org/issues/8993 to track it and committed a fix. As long as you have at least one rule in there on an interface it should be OK. You're lucky the anti-lockout rule was there to prevent you from being shut out of the GUI. It's not a situation most people would find themselves in, but it's worth fixing since it's a one-line correction.

Maybe not. https://forum.netgate.com/topic/109030/upload-a-dhcp-static-mappings-table-to-a-pfsense-device

I'm not aware of a limit there but I've never tried to add more than a few. What exactly are you trying to do? What error are you seeing? Steve

I realise its old but a lot of people seem to be landing here and viewing. I manged to solve this by using the earlyshellcmd and adding it to the pfsense config file eg (you might be able to do multiple earlyshellcmds of run a script but i wanted it simple, and wasnt going to assume the path was setup) [2.4.4-RELEASE][kraduk@pfSense.localdomain]/home/cscott: head -6 /cf/conf/config.xml <?xml version="1.0"?> <pfsense> <version>18.8</version> <lastchange></lastchange> <system> <earlyshellcmd>/sbin/ifconfig em3 name WAN;/sbin/ifconfig em2 name LAN; /sbin/ifconfig em1 name DMZ2;/sbin/ifconfig em0 name DMZ1; </earlyshellcmd>

Many thanks, Steve! Really appreciate your help. Kind regards Phill

Thanks for the hint. I don't think that after what I figured out today, Apple Home will be "my thing". Of course I could setup "something" in IoT VLAN which connects to Home and I can connect from iPhone in another VLAN, but if I didnt do it wrong, it always uses the internet to execute commands, means: Iphone Home App --> Internet --> control server --> back home --> iPad --> IoT devices I can clearly see a delay from pushing the button in Home App and when I sniff on the interfaces I can see outoing and incoming connections. What I'm curious about, except some avahi/mdns/zeroconf stuff there is nothing I could do to keep it local when iPhone is on user WLAN/VLAN while hue bridge is still in IoT VLAN ? Thats where my network skills leave me alone. You might also check FHEM if you didnt already.

You have to define groups and then use group ACLs. Create a group that can access any site and then simply don't apply those blocks target categories to it. https://www.netgate.com/docs/pfsense/book/packages/a-brief-introduction-to-web-proxying-and-reporting-squid-squidguard-and-lightsquid.html?#access-lists-acls Steve

Indeed I have something very similar to that but I cannot use that as a source address. Obviously, it's link-local. I would not expect the OP to be using that as source for a pkg update though. Steve

@rgc No I am Not running pfBlockerNG-devel, but I still can save output to .php file from diagnostic Crash reporter. I was told to post it here 1st. I guess to vet and prevent unnecessary or redudnat reporting from being posted to bug portal. Should I post the the bug report.php now? to th bug reporting portal?

What logs are you seeing without Snort and bandwidthd filling it? I exepct to see more nginx errors in there. Steve