If you have access to the GUI it's just Diagnostics > Backup & Restore [image: 1578059627140-restore1.png] [image: 1578059633296-restore2.png] -Rico

@kkprasanth said in pfsense not blocking file extension: @JKnott Can it be used on the setup ? In order to do that, it would have to do deep packet inspection and be able identify file types. That's well beyond what pfSense is designed to do. Also, as mentioned above, TLS is often used these days, which means the data stream is encrypted and beyond deep packet inspection.

Ok, thanks for your response. Happy new year! Regards, Damián

Hi, You saw this : @mohamed8080 said in The firewall has enountered an error: (tried to allocate 268435464 bytes) that is not just a number of random numbers, it was actually trying to get hold on 268 435 464 = a bit more as 268 Mega Bytes of memory in PHP working space. That failed. First check to know more about who/why/when : de activate pfblockerng. No more problems, right ? Next best test : remove some of the feeds. Start with the biggest ones. Put pfblockerng on a diet.

I imagine you've done the basics, like changing cables, using another card port as uplink, cleaning and reseating the card? If so, well, used cards and servers can fail in obscure ways. If having received no benefit from the previous changes to the config, I'd probably spend $20 on another NIC, maybe an i340.

@stephenw10 thanks

Those offloading options should be disabled by default (checked). It rarely improves performance and can cause massive problems so I would not recommend enabling them. You might also disable Hardware Checksum Offloading as that can cause problems on some NICs. I would not normally expect bridging to cause a throughput issue on a system like that but if you were seeing output errors it was clearly hitting some issue. Unless you had a wifi interface in the mix there for example. Steve

Mmm, the DHCP server should supply the interface address as the gateway if you don't specify anything. It's hard to think what could prevent that. If the interface was invalid in some way you would be able to set it in the first place. Do you actually mean 172.16.1.1? 174.16.1.1 is not a private IP. It may be conflicting with something by some unlikely coincidence. Steve

Well depends on what you make of "application blocking" It can be done native if your just talking the ports the application talk on.. But as its listed as optional, and it can be done with optional packages. snort and openappID and proxy for url filtering.

https://www.eclipse.org/forums/ ? https://help.eclipse.org/2019-12/topic/org.eclipse.php.help/html/reference/preferences/php_executables/index.html

You actually have static public IPs on those servers? Or they are just forwarded by the comcast router? To actually use public IPs directly there you would need to have a public subnet routed to you and to route that to pfSense in the Comcast device. It would need to be a different subnet that the Comcast WAN too. If you are just portforwarding you need that setup through both routers. If they are all using the same port then you would need to use some intermediate ports on the pfSense WAN or have 4 WAN IPs. Steve

OK. The issue I see is that to use the NIC with DPDK drivers, as I understand it, you need to unload any other drivers attaching to it. That means you can't use that NIC as an interface in pfSense. And that means that I'm not sure what traffic you can capture on this NIC. The only way I could see this being useful is if you connect it sepeartely to a mirror port. Am I missing something? Steve

Or just enter the url '/system_usermanager.php' directly.

Yep. As soon as you see phrases that use the word [image: 1577775326803-920487c2-e31e-47e5-b350-36b1b3f510ea-image.png] or inode for short, you know the file system isn't 'clean' - they call the state 'dirty' - and it chkdsk, sorry : fsck time.

@naiksawan said in Allowed memory size exhausted.. what cause & how to fix it? please help..: /usr/local/www/guiconfig.inc on line 693 Most probably you were about to look a a log file that was to big to get parsed and formatted by PHP. This can happen when you set [image: 1577694246631-b9b0dabe-f1ea-4c03-99af-4e7e70a9e4ab-image.png] to a huge value ... something like 532 677 601 bytes - or half a Tera Bytes. Try something less daunting, or go out, do some DRAM chopping, change PHP settings so it can actually use it, and retry. Use the console access - option 8 and then the clog command to dump a log file to terminal : example : clog /var/log/system.log

I've yet to see a NIC that couldn't do VLANs in pfSense, assuming it works at all. Maybe I've not been looking hard enough....

Um.... is that a question? Waaay more info required if so.

@stephenw10 Are you asking what you can do to disconnect and reconnect? If you don't do anything, it will reconnect automatically and the time will be about 3 seconds. no. Server 1 is using private IP. ISP │ Pfsense (xxx.xxx.xx4.214) │ L2 Switch ┌ ┐ Server 1 (192.168.1.100) Server 2 (192.168.1.200) External IP Pfsense, Server 1 = xxx.xxx.xx4.214 Server 2 = xxx.xxx.xx4.220 [image: 1577608640571-1.png] [image: 1577608646926-2.png]

The default gateway group does not work with a load balance gateway group. It selects one gateway as the default, which is the active gateway with the highest priority (lowest number - 1 is higher priority than 2) tier. If you have > 100 pass rules on your LAN rule set and you want to point them all to a load balance gateway group, the best thing to do is get to work.

You are right, I restarted the service and the new settings were applied. Makes me wonder thou why lighttpd in combination with pfblockerNG had over 100 sessions opened for one ip address hours after I disconnected the device from the network.