@imburr said in Firewall *Stops* and Break in Logs For Extended Time: @bmeeks Very interesting! The work PC is connected via ethernet to a 8 port switch, which then has one homerun into the main 24 port switch, which then has one ethernet cable going to LAN on the pfSense. I cannot see for a way for it to be a physical loop, can a loop still happen in this instance, due to some misconfiguration or software issues? Most often I've seen network loops created by plugging one port into another on the same switch accidentally. It's also possible for something like bent pins on an RJ45 connector, or a faulty cable with an internal short, to cause a loop. It's just that a completely dead network where all devices on it seem "frozen", only for everything to return to normal when you remove, or power down, one device, is strong evidence for a network loop of some sort caused by that device. In your case, that seems to be your work PC. I would start simple by replacing the Ethernet cable for the work PC. Next, take a flashlight and carefully examine the pins inside the RJ45 Ethernet port on the PC's network connection. Look for two pins touching, or any that seem obviously bent or damaged.

Yes, I thought more people would have been seeing it given that I did. I queried it internally though and no-one else was having an issue. And then subsequent requests to the repo went through no problem. Perhaps I happened to catch the end of the issue. Steve

@rocket-0 With the Netgear modems you should not have to spoof at all on Comcast's Xfinity service. Simply rebooting the cable modem should be sufficient. Have you tried this?

@f3rn3po Ctrl+c

@cyberneticcody Can't edit for some reason... PFSense version is 21.05-RELEASE

Quick update, have narrowed down to /var/unbound/usr/local/lib/python3.8 Shell Output - df -hi /;du -s /var/unbound/usr/local/lib/python3.8; df -hi / Filesystem Size Used Avail Capacity iused ifree %iused Mounted on /dev/ufsid/5cdd3c209fe36da7 7.0G 2.0G 4.5G 31% 27k 935k 3% / 274800 /var/unbound/usr/local/lib/python3.8 Filesystem Size Used Avail Capacity iused ifree %iused Mounted on /dev/ufsid/5cdd3c209fe36da7 7.0G 1.4G 5.1G 22% 27k 935k 3% /

@gertjan said in Test email has no hostname?: @incith Locate : function saveAdvancedNotifications($post, $json = false) { global $config, $smtp_authentication_mechanisms, $pushover_sounds, $g; in the file /usr/local/pfSense/include/www/system_advanced_notifications.inc and add, as shown, a $g and save. Just wanted to say thanks for this!

@tagit446 i solved this problem, i realized that the NTP server wasn't working properly so i turned it off and seted the time and date manually by console. problem solved!

@brucexling exactly! Any book you buy is going to be outdated very quickly - even if just published a few weeks ago.. The living document is best resource..

@stephenw10 hello stephenw10, sorry for the delay i was not at the office for testing. I feel so stupide to haven't think about that alone, you were completly right as soon as ii changed serial to vga i could see all the boot. i steel have a lot a difficult to access my web interface cause it take ages to change page, i suppose it's because i have only one router with the Ha and no internet cause the old routeur is still in production. i suppose that the fact the the routeur hang several minute on ipsec when booting is du too that cause too. i will switch the routeur next week if everything is ok. Anyway thanks a lot for your help. have a nice week end

@bjurkovski said in Upgraded from 2.4.5 to 2.5.2 and having problems with config file restore on every reboot.: I wouldn't have had this problem if I had just disabled Python mode in my config before reinstalling I think this should get pinned because I run in this trouble too: If in the config, before reinstalling, the pfblockerng was in python mode then unbound is not working (he is missing the python module) and no packages can be installed because Url's cannot be resolved. So switching pfblockerng in unbound mode before save the config is the best way to workaround this issue. Regards, fireodo

@provels You're right. I noticed the issue again. After reloading Dashboard tab the scale was back to correct again. Here's screenshot before that (Left: Dashboard, Right (ok): Status/Traffic graph) [image: 1626332654403-fd08a016-fdb5-4465-90a3-c545ae435e38-image.png]

Finally I found solution on: https://forum.netgate.com/topic/164732/python-regex-list

@johnpoz There are some ips which do not resolve as they are out of dhcp range and not static or the device doesn't tell a hostname. But almost all ips resolve proper. If domain override exists with the lookup server pointing to itself, it causes the problem. Guess pfsense gets into a loop "ask itself many times" for the entries it can't resolve.

Hi, @Gertjan and @stephenw10 Thank you for your answers. Regards

I find this post absolutely hilarious. I haven't done squat with ipv6 for about the last 10 years ... and not that I needed it now I have decided that as an experiment I will provide some v6 connectivity to some of my LAN hosts cause I have a /48 from my ISP. I was actually debugging some network issues related to NDP so was running a tcpdump on my link... as soon as my subnet become routable massive portscanning traffic started flowing in from the exact same ip: 240e:f7:4f01:c::3.53802 I find this absolutely hilarious cos this was one of the selling point of IPv6, kind of a "security through obscurity" that you cannot ( or I mean you should not be THAT DUMB TO TRY) scan address ranges and this guy is not giving up since 2 years, imagine the amount of junk traffic he generated since than and just how many ips is he scanning bruh don't have anything better to do? :D

@dma_pf said in Policy Routing Rule Not Working: Diagnostic->Tables shows that SitesThroughWAN has no entries Ok, well that's a problem. It can't match anything if it's not populated. Check the resolver logs. You may have something unresolvable in there. To workaround it before you upgrade I would move that to two aliases, one for IPs and one for FQDNs, and use two firewall rules. Steve