@stephenw10 Thank you very much for the reply. I searched, but couldn't phrase my question properly to find that.

It depends what the fibre is. It's probably GPON? In which case your options are limited.

@mattfiller said in Could this be malware in my pfSense - it is not blocking MS RDP attacks: (we have 5 incoming 3389-MS RDP Port Forwards to individual PCs so people can work from home) Yeah this is a bad idea for sure - and your going to see tons of traffic to those ports. I don't have it open but just looking at the firewall logs sees lots of noise to that port [image: 1639234463663-3389.jpg] If you have remote workers that need to rdp to some machine on your network. As suggested by @stephenw10 either VPN in (best option).. Or lock down the source IPs to who can hit that port and be forwarded. Best would be to lock down to the remote users specific IPs.. You could use say dyndns entries so even if their IPs change, etc. While changing the port from 3389 on your wan side is not really a security measure, if you used different ports to to your specific devices 3389 port, this would remove some of the log spam, and lower the amount of stuff that is forwarded to the actual client.. While security through obscurity is not something you should rely on - it doesn't hurt if you make bots looking for open rdp ports harder to find you. Once some bot or outside finds your rdp port is open, they will normally bomb you with brute force attempts to get in.. Trying all kinds of username/password combos..

Your memory usage is unrelated. pfSense does not include log4j neither do any of the available packages. log4j is not even in our repo so to be affected you would have to have manually installed it from the FreeBSD repo and configured it to be listening somewhere. Steve

@mediatek said in Installing Pfsense as a VM: After I made the change I have to do the command again... This is the main problem, That is not a problem, it is expected. That command disables the firewall entirely. It should only ever be a temporary workaround to allow access while you add a rule to allow something for long term access. You can see your rule has not created any states or passed any traffic to however you're testing that it's not matching. Steve

Assuming it's an IPSec VPN then that's the way to work around it. https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html#static-route-workaround And, yes , in pfSense you should never be manually editing a conf file like that. Steve

No, there's no way to change the default sort order as far as I know. Yeah, I was asking for a screenshot because I couldn't replicate what you were seeing. I don't actually think they are sorted by IP address. They just appear to be to you because you only have static leases configured. When you apply a sort order it's shown above the column and that is not that case in the default view. Steve

What latency are you seeing now? What do you expect to see? What traffic are you looking to apply this to? Steve

First learn how to port code to FreeBSD. Then port that Linux code to FreeBSD. Once it builds for FreeBSD try running it in pfSense. It may be easier to write a FreeBSD module from scratch. As far as I know there is no FreeBSD implementation so nothing we can add in pfSense currently. What exactly do you want to use this for? You realise that TCP congestion control is only applied at the end points of the TCP session? That means almost no traffic through pfSense is subject to it. It's the reason we don't include other CC modules by default. Steve

@stephenw10 said in Can't access the specific website after configuration in Netgate Pfsense: so you have Squid running Wt*** ?!? @Tiger-0 Couldn't you just post images like : [image: 1639143056544-4bb56e1f-30f2-47c1-951a-4d6e6a7b721b-image.png] The issue would have been solved in a couple of seconds. That is, for us. For you it would have been solved after you know how it set up 'Squid'.

@stephenw10 Yep, got a few ideas I'm exploring now, thanks for the assist however. I did read an article about using Squid on pfSense to get data that was decryptable in wireshark, but for the life of me know can I heck as like find it. :-)

Yeah, it will always be running in 21.05.2. You can apply the linked patch above to stop it running by default. However your free ram never gets close to 0 so that's probably not the cause here. Steve

I'm confused. Did you try installing pfSense bare metal (no hypervisor) on any hardware?

Was going to say pretty much the same thing - but Bill did it way better ;)

@stephenw10 Thanks sir, I will do that, but first I wanted to try a few more things to gather and capture data for reference, i.e. like trying the WAN>server (or something that will work since I don't have my own server setup) LAN>client iperf3 test (like in the video and the discussion post @johnpoz referenced.

It is possible to do that but using a type 2 hypervisor like hyper-v is not ideal because it relies on the host OS for it's own security. A small portable router would be better IMO but pfSense would really only fit that role for wired access. If you need to use it as a wifi client you would probably be better served by, for example, OpenWRT. Steve

@stephenw10 @Gertjan Successful restore from backup! Thanks, again, for your help.

@johnpoz said in pfSense and meraki z3: never understand why users do this. Not saying there might not be need to do such a thing. But seems most of the time its users following some "vpn" guide that says to do that - when there really is no r You are absolutely right, and that exacly what I did. I do not truly understand (hybrid) NAT or maybe most of the buttons I push in Pfsense, but I basically googled: "meraki x3 pfsense connection" and look what random people on the internet say :). I found the vendor documentation not very user friendly - then again my company does not want to deal with individual engineer that has some fancy Pfsense router. They;ll tell me to hook it up directly to my cable modem - and not use personal devices when working. If you have a suggestion, I would not mind trying a simpler better way.

@mcarson75 said in Unable to apply patch: I will flog myself accordingly. As well you should - hahahaha ;)