Yes, just disable it if you're not using IPv6.

No you don't need all those rules. By default a bridge filters on the member interfaces not on the bridge itself. You've allowed for that with the group rule that gets applied to all members. Alternatively you can move the bridge filtering onto the bridge itself and then you only need rules on BR0. https://docs.netgate.com/pfsense/en/latest/bridges/firewall.html#bridging-and-firewalling However if you want to filter traffic between LAN and OPT1 you need the rules on the members. If you look at the rules you can see which ones have opened states and passed traffic. Anything that that doesn't likely doesn't need to be there. In your setup the rule(s) on the BridgeGroup override everything else so you'll likely only see states there.

@rajbps In the backen settings you can easily state the port. Just select "address + port" and enter the proper values.

Not really. I just added that URL to the config Squidguard and run the update. It takes a while to do anything. You might check the Squid/squidguard logs after trying to update. There should be an error there if it failed.

That's a normal message at boot when ntpd first starts and hasn't yet decided it's configured sources are valid.

Something there is logging a lot to make the logs rotate every few minutes like that.

I agree if it shows that uptime it's not rebooting. Odd then that it's somehow losing link. I also agree that check_reload_status should not get stuck like that. As you found we have had issues with it in the past and they are difficult to pin down because it's normally not repeatable on demand. If we can narrow it down to something like a link state change that would be very helpful.

@mer said in California and standard time: But if they set start date to 1 jan and end date to 31 dec they sidestep the "law" Nope. If a state uses any form of daylight savings time, they have to use the date schedule set forth by federal law. Originally states had the right to set their own schedules, but that was done away with in the Uniform Time Act. The only way around this is to use standard time year-around like Arizona and Hawaii.

Try starting igmpproxy in verbose mode at the CLI amd see what's shown when it fails. Compare that to what's shown in 2.6.

Use Lightsquid like it says in that guide. The sarg package was deprecated way back in 2.3.0.

@tedjackowestnet when pfsense only has a "wan" it allows for access to gui on wan.. When you add a lan, that allow will go away.. You should edit your wan rules to allow for gui access, setup your lan.. Then once your in on lan remove your wan rule that allows gui access. or just setup lan from the console, or why did you not setup wan and lan when you first set it up?

@stephenw10 Thanks! I think this may work for what I need. I will experiment...

Jan 26 13:00:44 kernel re1: watchdog timeout Jan 26 13:00:44 kernel re1: link state changed to DOWN Try the alternative Realtek driver. Since I assume you can't change the NICs.

FYI, here are the results of my investigation https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6 any improvements (and I wish there are) are welcome!

FYI, here are the results of my investigation https://forum.netgate.com/topic/185794/there-s-absolutely-no-useful-documentation-on-user-system-copy-files-to-home-directory-chrooted-scp/6 any improvements (and I wish there are) are welcome!

It's unlikely you're using anything anywhere near 16GB unless there is a serious memory leak somehow. That should be pretty obvious from the monitoring graphs.

@guardian the instructions how to get to your modem have already been given multiple times. I do it this way.. I have a 192.168.100.2 vip on my wan, that is connected to my modem.. [image: 1706351331281-vip.jpg] Do you have any outbound rules in floating that block rf1918? Do you have any rules on your lan where where your client is trying to access 192.168.100.1 that would block or policy route?

Also supports .webp it looks like: https://github.com/pfsense/pfsense/blob/master/src/etc/inc/util.inc#L3735

@JonathanLee said in Is a VPN service really worth it?: I have my VPN set up so that I have access to my private cloud (NAS) while not at home. I can remote into my VPN and access my files. Same here. I've had my own VPN going back over 20 years, to when I was using a CIPE VPN.