No sorry, I had assumed you wanted to avoid writes to the on-baord eMMC. Writes to an mSATA SSD should be no problem. Steve

@brians That actually makes quite a bit of sense. I will try to install one and let you all know how it goes. Thank you!

Using the acme package might be a solution. I haven't tried that. That link helped to get me started. Using the correct search terms massively helps getting more relevant search results. Thanks a lot for the quick response and the nudge in the right direction.

@jimp Ack pls advice what was wrong for future refs https://forum.netgate.com/topic/139651/problems-with-webroorftp-method/14

This : @jakeyg said in Problem with email authentication from the pf sense box: do i have to forward it as a rule on my receiving account? looks promising to me. pfSense can send to one destination.

@Gertjan and @JKnott , Thank you both for explaining this in a way that makes total sense.

I dug around some old mailing lists. The warning pertains to cases where a person has a normal account on the host, and root access in a jail. He can then suid a binary, eg. vi, and use that suid executable on the host. If you where to have this edge case, the problem is easy to fix, just chmod 0700 your jail dir on the host. SHM was also mentionen but as I stated, it's disabled by default.

Yes, you should update to 2.4.4p2 when you can. Be aware that is quite a significant upgrade however: https://www.netgate.com/blog/pfsense-2-4-4-release-now-available.html https://www.netgate.com/docs/pfsense/install/upgrade-guide.html Steve

You would expect code in HEAD to be in the next release. That page was last updated in August though. FreeBSD 11.2 that pfSense 2.4.4 is built on includes those patches: https://www.freebsd.org/security/advisories/FreeBSD-SA-18:03.speculative_execution.asc Steve

@mike69 said in pfsense.org missing 2.4.4-p2 download: Paste [solved] at the beginning of your title in the first post. Thank you Sorry for my english. Not a problem!

Hi Captive Portal is an option. Check oficial docs about: https://www.netgate.com/docs/pfsense/captiveportal/captive-portal.html

My setup is; (I tried with traditional separate switchgroups first - same result) Basically a Distributed-Switch over the two hosts with 2 Port-groups, one Trunk VLAN (all) and one VLAN tagged with 100) pfsense connected to Trunk VLAN - and created VLAN inside pfsense with 100 tag then VM uses the VLAN portgroup (that is tagged to 100) works like a charm, DHCP, internet etc. - when Iam on the same Host. but when VM is on the other host, nothing works, no DHCP, even if i set static ip to what i have selected - i can not even ping the gateway. I have moved both pfsense and VM's back and forth to exclude there is a specific issue with one of the hosts. I guess there is something in the underlying network that is the problem, according to the vendor (Iam colocated) this network (that my distributed switch is using for uplinks thru one card per host) is a PRIVATE VLAN allowing 0-4095, so I assumed it would work... this is really out of my competence zone :) However I don't see how this can happen within the DSwitch in ESXi (that should be distributed over the hosts)

@landman16 said in Issue with a block of 16 IPv4 addresses: ISP is asking if this is the upstream gateway of Zen or some IP within my public subnet. Sounds like your ISP needs some tech support that's not clueless. When configuring a router, it's the ISP's gateway. With computers, it's your own, in this case pfSense.

This is solution https://forum.netgate.com/topic/40344/how-to-bring-interface-up-from-pfsense-commandline/5

On the General Settings tab of the ACME package, check the Write Certificates box, which drops the cert files in /conf/acme/ and from there you can have scripts pick them up and deliver them where you want.

No real way to do this at the firewall usefully I would say. Might try just allowing only MACs you've added. Or maybe 802.1x at your access points. Maybe if you have signatures and those phones in questions are calling home you can detect and block them in Snort. Steve

Hmm, unusual failure in those cards. Assuming it's a genuine one. Nice catch though. Steve

This seems connected to this issue https://forum.netgate.com/topic/114786/pppoe-disconnects-requiring-reboot/2

It is working better than every after MoCA filter and swapping to Technicolor XB6. Not sure which one fixed because did both at same time but I am not concerned anymore.