Go to the pfSense documentation page: http://doc.pfsense.org where you will find links to animated tutorials, How-tos and FAQs.

Those rules are quite wrong. You only need one rule: pass all from (the ip of that box) to any, gw_opt1 It must be above any other rule that would match the traffic, too. Try fixing the rule. If that doesn't help, move the rule to the top of the list.

Most likely that specific chip. If you do a google search for "freebsd re0 promisc" you'll see there is quite a history there :-) Some (most?) of them work fine out of the box though.

tanks for answer but my problem is for time of block a ip in tableblock i find answer in this forums , tanks all –---------------------------- The answer is: First, install crontab package to help changes. then, open services -> crontab change line */60    *    *    *    *    root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot to *    *    *    *    *    root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 120 virusprot or */2    *    *    *    *    root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 120 virusprot The "-t 120" means block ip for two minutes, of course, you can change it to fit your needs. After this, you can limit connections on your pfsense(eg. 10 per second  or 200 per ip or both). if it reaches that limit, in 02 minutes your client can connect again. But if you do not need to free blocked ip, you can change virusprot and sshlockout crontab  rule to check correctly if the default time '-t 3600' has reached. The default rule checks every hour if the blocked ip has been blocked for 60 minutes. But if the ip address is blocked for 59 minutes when cron runs, it will take another 60 minutes to unblock it. Consider a very huge firewall with these rules, if you wait 120 minutes to remove an ip from list you could get a very long list. if you check every minute or every 5 minutes, you will check a smaller list. With these change, you can setup a very huge dynamic rules that prevents DOS without any extra package. Of course Snort, modproxy, and other security tools will improve security on your firewall. I've tested on Pfsense 1.2.3 and 2.0

ok tanks  ;D

Under status - Traffic viewer.

Thanks all… =)

Awesome,  Works like a charm. Thanks again.

The driver is from FreeBSD, iirc. Not sure if Dell/Broadcom actually contribute much at all. The tricks I put on that wiki page have stabilized the cards for most people I've worked with that have bce.

Further update: Perhaps it is already off topic but since it is the same machines I am referring to so I put them here. Finally I have replicated the crash under a test condition and found that it is the NIC that have been causing the problem, all the problematic servers are using the same NIC with the driver: dev.dc.0.%desc: Macronix 98715AEC-C 10/100BaseTX The crash occur after "TX underrun - using store and forward" message appeared during a network stress test(downloading large files). Hence I start looking at the NIC, replaced with another brand and everything works like a bliss, not even TX underrun message popping up. Both RealTek and DLink NIC works happily. Poor thing I have been spending weeks torturing it with CPU and HDD stress test scripts and it end up the real culprit is the NIC :/

@josueharos: How did you properly enable bridging. I want to setup a pfsense box as a filtering bridge using only 2 NIC (WAN – LAN) to filter traffic passing through a wireless link we have, without messing with NAT. Can you post some info about it, Thank you You should consider third interface for management

Hi jigpe, I'm using pfesense 2.0 but I think it's radius because using have to login captive portal after successful authenticated. They can get this access. If we use squid we can  only apply on web traffic. Please kindly advise.

To reset the web interface you use the console and then assign the IP to the LAN interface again. Then the webGUI will revert to http. This will give you back access to you box - but will not help you with your cert prob.