@stephenw10 Legend, thank you so much :)

@stephenw10 Thanks Steve for your help its much appreciated. jkaay

@jc1976 said in website security problems: the walls are all brick and the signal is still strong all the way to my storage unit in the basement) Just because your see a strong single through walls, with some overpowered xmit power doesn't mean your little xmit in your device will be able to reach back through the walls ;) This is common misconception with wifi.. And even if some wifi device can see the signal and even if the AP has great reception sensitivity.. Devices connecting at the "edge" of coverage is not good for all the other devices on the wifi.. For best wifi all around - it is almost always better to have multiple AP so that clients that are connected to any specific AP have both good xmit and recv signal in both directions. Also spreading your clients across multiple AP also helps for overall performance of all devices involved. While there have been great strides with stuff like mu-mimo and beamforming and ofdma. 1 AP sort of setups are not going to be best sort of wifi, especially as the amount of wifi devices explode in number.. Quite often all over the house.. I have like 30 some wifi devices connected to my wifi at any given time.. Splitting these connections across multiple AP is better for all clients overall performance. If you feel running dhcp on this device of yours is best for you - then great, just make sure its not handing out info your not aware of, like pointing to itself as dns as well as maybe your pfsense.. Doesn't really matter where something like dns or dhcp runs in your network - as long as it works.. But a true AP would normally not have any way to be a dhcpd.

Viewing usage by logical interface is generally more used but I can certainly see a use case for this. You could open a feature request: https://redmine.pfsense.org/ Steve

My own fix/solution, locate section and replace if commented sections match. /etc/rc.update_bogons.sh # Set default values if not overriden v4url=${v4url:-"https://files.pfsense.org/lists/fullbogons-ipv4.txt"} v6url=${v6url:-"https://files.pfsense.org/lists/fullbogons-ipv6.txt"} v4urlcksum=${v4urlcksum:-"${v4url}.md5"} v6urlcksum=${v6urlcksum:-"${v6url}.md5"} # process_url /tmp/bogons "${v4url}" # process_url /tmp/bogonsv6 "${v6url}" rm /tmp/bogons rm /tmp/fullbogons-ipv4.txt.md5 rm /tmp/bogonsv6 rm /tmp/fullbogons-ipv6.txt.md5 curl --max-time 120 -k https://files.pfsense.org/lists/fullbogons-ipv4.txt -o /tmp/bogons curl --max-time 120 -k https://files.pfsense.org/lists/fullbogons-ipv4.txt.md5 -o /tmp/fullbogons-ipv4.txt.md5 curl --max-time 120 -k https://files.pfsense.org/lists/fullbogons-ipv6.txt -o /tmp/bogonsv6 curl --max-time 120 -k https://files.pfsense.org/lists/fullbogons-ipv6.txt.md5 -o /tmp/fullbogons-ipv6.txt.md5 if [ "$proc_error" != "" ]; then # Relaunch and sleep sh /etc/rc.update_bogons.sh & exit fi # BOGON_V4_CKSUM=`/usr/bin/fetch -T 30 -q -o - "${v4urlcksum}" | awk '{ print $4 }'` # ON_DISK_V4_CKSUM=`md5 /tmp/bogons | awk '{ print $4 }'` # BOGON_V6_CKSUM=`/usr/bin/fetch -T 30 -q -o - "${v6urlcksum}" | awk '{ print $4 }'` # ON_DISK_V6_CKSUM=`md5 /tmp/bogonsv6 | awk '{ print $4 }'` BOGON_V4_CKSUM=`cat /tmp/fullbogons-ipv4.txt.md5 | awk '{ print $4 }'` ON_DISK_V4_CKSUM=`md5 /tmp/bogons | awk '{ print $4 }'` BOGON_V6_CKSUM=`cat /tmp/fullbogons-ipv6.txt.md5 | awk '{ print $4 }'` ON_DISK_V6_CKSUM=`md5 /tmp/bogonsv6 | awk '{ print $4 }'` if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] || [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then

@nollipfsense maybe? Maybe he just needs to set a reservation in his dhcp ;) Its not unheard of practice from a security point of view on firewalled segments that will have different rules to be different. So your not actually creating pinholes for specific IPs on a vlan. Either the whole vlan has access, or nothing does. And if something needs access to some other vlan or specific ips and services on a different - put devices that need this access in a different vlan where you can create rules for the whole vlan vs specific IPs on the vlan. But it does seems like a leap in concerns for smaller network, maybe in a datacenter or larger enterprise with very strict security policies. dhcp reservation would ensure his specific device(s) would be the only thing with that IP(s) that are allowed to talk to the server on port X. If really concerned, setting up static arp, and sure also run arpwatch to be alerted if the mac for IP xyz changes. edit: If you were really concerned - and your devices are wired, you could setup port security on the switch ports. This would prevent a device from changing its mac and gaining access to the network via different mac/ip combo that matched your firewall rules.

@kiraciro said in configuration error ACME: @stephenw10 yes great ... i updated and it works I would show a screen shot that you're indeed now running pfSemse 2.5.2 since you came here for help and got it.

@stephenw10 They certainly have a lot more scope for overheating, though personally I've only had one fail on me and it was a dirt cheap model off eBay. I have an Aquantia model running off that i5-8250U appliance at the moment as I decided if I weren't going to replace my router with it, might as well replace the old router I was using as a switch with a Linux box with the ports bridged and ~3.6Gbit uplink over that adapter.

@stephenw10 Good tip, thanks!

Ah, nice result! Yes so normally the interfaces inherit the MTU from parent. Doubly here since you have VLAN on a LAGG made up of real NICs. So in order to allow you to set an MTU pfSense applies the MTU to the parent interfaces and their parents which results in all the subinterfaces also having that applied. Steve

@m0snr Well you should be able to just look at the status of your interface and get a total counter in packets which would give you a hint to if you moving any amount of data... Keep in mind there is a quality check that would be running, it defaults to zero data.. But still something moving back and forth that could use up your data.. In/out packets 356808060/343365930 (388.44 GiB/339.52 GiB) In/out packets (pass) 356808060/343365930 (388.44 GiB/339.52 GiB) The monitoring graphs will show you bit rates over time.. And the package "Status_Traffic_Totals" is prob of interest to you. [image: 1638213149706-data.jpg]

Currently pfSense Plus is only available for Netgate appliances. There will be an announcement when that changes. Steve

Yes, there is nothing included in pfSense to do that. You might be able to add something custom for SSH connections to add that but not for as direct console connection as far as I'm aware. Steve

For the KVM switch to not cause what you are seeing it must continue to emulate the KVM when switched to other clients. You likely have a KVM switch that does not emulate the KVM, when you switch the KVM to another host the KVM simply goes away causing FreeBSD to see the hot plug event. If you want to test this theory unplug and re-plug the KVM from pfSense with it selected and see if you see the same behavior.

@mynetworkrocks said in Suricata Unix Socket: @bmeeks A quick question - looking at the config I posted do you see anything i need to adjust to get this to work? Sorry, but I don't use telegraf. The configuration coding for that option was provided by a Suricata package user, and I just incorporated it into the next release of the GUI package. There are some older telegraf threads in the Packages sub-forum here. You might find some answers by searching in those.

@jt40 I have ran content filtering and security for multiple companies over the years - I know exactly what they do an don't do ;) And how they do it and what they can do.. And MITM is a can of worms that many will not open - that you take it upon yourself to do it - with a company that has had questions, and is banned in some countries on gov type computers.. Filtering where a user can go is simple enough to do with explicit proxies having to be set without having to break the end to end encryption of the ssl connection. I don't have to peek inside your ssl connection to block you from going to xyz.com or allowing you to go to abc.com via https. Well you do you..

@pukoid said in Memory consumption: No, it's not pcscd. Stopping it in services changes nothing. Maybe I'm wrong, but in my case it need 30-60 secondes after stop the service... Edit: See it after posting /usr/local/bin/vmtoolsd is your issue.

@stephenw10 Thanks Steve, I'll try the cronjob.

@stephenw10 Diag > Command Promt and rm /tmp/notices sure did help. Thanks - case closed! (Decided to put my UDM in first place and then use my pfsense to protect a subnet behind this. I like the pfsense more but it's not a wifi-router so...)

Mmm, well that's something else. I'm not aware of anything in particular that might cause that. Check the Squid logs. What are you using Squid for? Steve