• CVE-2024-3596 blast-radius

    2
    0 Votes
    2 Posts
    291 Views
    M
    @henniee You don't need to worry if:
    1- you are using EAP authentication (e.g. IPsec, 802.11x), which is not affected.
    2- if the traffic never leaves the firewall (FreeRADIUS server on pfSense software, NAS/Client is on the same device).
    For the time being, you can set this in your radius.conf, but note that this may bring issues depending on your NAS devices' freeradius implementation.
    require_message_authenticator = yes
    limit_proxy_state = yes
    Note current best practices dictate protecting RADIUS traffic by tunneling or limiting network access (e.g. using a private/secure link for RADIUS), which also limits potential exposure.
    You can get more details in the following links:
    https://www.freeradius.org/security/
    https://www.inkbridgenetworks.com/blastradius/faq
    To report vulnerabilities, go to https://www.netgate.com/security
    This is not an official answer from Netgate or from freeradius, I'm just a regular user.
  • Two people, rural location, pfSense or NAS?

    7
    0 Votes
    7 Posts
    321 Views
    A
    @Gblenn Thanks a lot for superb help :-)
  • ISP router (Nokia G-140W-F) does not have bridge mode

    3
    0 Votes
    3 Posts
    1k Views
    R
    This router actually supports bridge mode, but the ISP should make a configuration change on its own side to make it work. Under the Network LAN menu you can switch one of the four ports to bridge mode, and under the WAN menu delete the Internet-related VLAN configuration. Afterwards you have to set the same Internet VLAN on the firewall interface.
  • How to block delete action for web Gui user?

    3
    0 Votes
    3 Posts
    260 Views
    Gertjan
    @Wkrenski said in How to block delete action for web Gui user?:
    ... but she ended up deleting the area by accident. Would it be possible to disable the delete function in the zone?
    As a system admin, once in a while you have to take more drastic measures. I'm using, myself, as I always have some Windows PC up and running: https://github.com/KoenZomers/pfSenseBackup and from that day, I have automated a pfSense backup, every day. So, when you, me, or she f#cks up: no issue, the backup is there. There is also the Services > Auto Configuration Backup which offers the same functionality. For myself, if you've found out that people that just click around and don't know what they are doing, then it's up to you to not allow these people access to the pfSense.
    @Wkrenski said in How to block delete action for web Gui user?:
    who inserts MACs into the captive portal
    And why not use the automac insert option? Upon first login, the device of the portal client will get auto added. You still have to remove them manually, though, as this list will continue to grow ....
  • Can pfSense Support User Profiles with Daily Time Limits?

    2
    0 Votes
    2 Posts
    236 Views
    stephenw10
    It's possible to do that using captive portal with radius accounting, yes. https://docs.netgate.com/pfsense/en/latest/captiveportal/configuration.html#accounting
  • pfSense plus registration "disappeared"

    3
    0 Votes
    3 Posts
    179 Views
    stephenw10
    Send me the NDI and order number in chat and I can check it. Steve
  • 0 Votes
    20 Posts
    2k Views
    Z
    @Gertjan Alright, I will find out. Though, thanks for the help you had given me. Have a good day
  • Alexa requests not completing

    21
    0 Votes
    21 Posts
    2k Views
    C
    @guyonabuffalo I had a similar issue night before last. "Alexa, play the bridge on SiriusXM". She said "Ok, playing..." and then silence. What? Is the station off the air?? Tried another station but no luck. This morning I was working in my office and I heard about 10-15 seconds of music from the echo there where I had tried playing before. While I was investigating I heard about 5-10 seconds of it a couple of times. I restarted my firewall but still silence. I created a rule to permit RTP (TCP/UDP) on WAN from any to any but still silence on my living room echo. I reset the SiriusXM skill but still silence after asking again. Then I tried asking on my office echo and it worked. Tried again in living room but silence, so I restarted the echo and then it worked. In the end I wonder if just restarting the living room echo would have fixed it. I may never know, but if it happens again, I'll start with restarting the device, then try other devices, then reset the skill, finally the firewall...
  • Intermittent IPsec tunnel interruption between 2 Pfsense

    7
    0 Votes
    7 Posts
    458 Views
    K
    Hello stephenw10, I wanted to wait to be sure, but I no longer have any disconnection from this IPsec bridge. When I reduced the delay to 1 hour, I no longer had this problem, but therefore no more logs :) So I postponed the 8 hour delay to have this cut again, but it no longer cuts! So too bad for the explanation, I'll look at the logs if it comes back. A big thank you to you for your answers <3
  • Weird Browser lock up

    21
    0 Votes
    21 Posts
    1k Views
    stephenw10
    What's in that ICMP packet? I expect that to be a port denied message.
  • LDAPs AD bind

    27
    0 Votes
    27 Posts
    8k Views
    S
    Hi guys! It's been a long time since the last response to this. After updating to 2.7.2, I can't get ldaps to work again (updated from 2.7.0). Running these commands:
    setenv LDAPTLS_REQCERT allow
    ldapsearch -v -H "ldaps://dc1.local:636" -b "dc=local" -s sub -D "username@local" -w "password"
    seems to work, because it shows so much information about my directory. But it does not work when trying to authenticate on the GUI. I have restarted PHP-FPM so many times with no success. Please advise. Thank you!
  • Where is pfSense support for HTTP/3 and QUIC protocol support?

    Moved
    91
    0 Votes
    91 Posts
    23k Views
    JonathanLee
    @stephenw10 I can the pcap on pfsense. HTTP/3 is no longer experimental and is fully active in the iMac it can no longer be disabled manually
    2017--> was still in development [image: 1720667159562-screenshot-2024-07-10-at-20.05.52-resized.png]
    2021--> This was the background and code for how it works with applications https://developer.apple.com/videos/play/wwdc2021/10094/?time=16
    2024--> Apple has fully activated this on the Sonoma 14.5 and Safari 17.5 it has no option to disable like the link above has. It also has HTTP/3 DNS much like DoH however pure UDP let's call it DoH/3
    DoH/3 seen here: [image: 1720673692109-f065612b-98b0-4959-9e37-68c032208922-image.png]
  • Slow Download Speeds

    9
    0 Votes
    9 Posts
    501 Views
    F
    @stephenw10 LOL, yeah and aptly named too! It actually attempts to serve a purpose as it offers QoS options for gaming, but the Killer Performance Suite is generally considered nuisance-ware. I thought I had uninstalled all that a long time ago, but apparently that service was hanging around. :) I simply didn't realize it as I've been on much slower internet until gig came to the neighborhood. :) Jeff
  • 0 Votes
    2 Posts
    432 Views
    stephenw10
    If you have set that I would expect no issue since the server would reject any unauthenticated requests.
  • Erro Register and Package after new install and recover backup

    5
    0 Votes
    5 Posts
    177 Views
    P
    @stephenw10 You are sure. I didn't remember this configuration. Sorry for forgetting and thank you.
  • Recreate Monitoring rdd files

    3
    0 Votes
    3 Posts
    207 Views
    R
    Hi @stephenw10 Thanks, your post pointed me to where to restart the monitoring service. My Google searches were failing me. Everything I found said that restarting it was somewhere under the System -> Advanced Settings area. But I couldn't find it. However, it's under the Status -> Monitoring -> Settings -> "Display Advanced" button. Sigh. Now I know the term to search for, it's easy. After disabling and enabling Graphing again it's fixed! Cheers Richard
  • VPN just suddenly down

    12
    0 Votes
    12 Posts
    558 Views
    T2M5T
    @JonathanLee [image: 1720565706412-75620283-fd7d-4b05-9a7b-227e657c48a1-image.png] No more, good work !
  • Netgate 7100 with HA update issues

    carp failover updates
    22
    0 Votes
    22 Posts
    2k Views
    N
    @stephenw10 I sent you a chat
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.