@pfBasic: Has an ISP or even an individual ever been successfully sued for.downloading (not distributing) copyrighted media? If so is certainly the exception not the rule. Realistically he has to worry about getting his internet throttled or cut off which would affect his business. I dont think so, the laws are just very convoluted on the matter, and confusing lol. So Big ISPs do not give out info, unless there is a court order, for them to do so. So Like was said I think the notice is the worst that ever happens. There is a clause for "Hotel Wifi" and that states, that as long as the guests use a completely different Public IP (took care of that today they gave me a bridged modem and a /29, so I am directly routed.) I also cannot monitor or have the ability to monitor setup, what sites they visit, or keep logs on it. Easy lol. So in those regards I am clear, now, I was not before (we used the same Public IP). The true ISP way to do it, would be to get a /26 and give each user an IP, that is tied directly to them, and while that would work for long term guests, that ability is slightly hampered by short termers needing a bridge to my network. I also, have been configuring the guest lan with some pretty strict firewall rules, to help somewhat I hope. I am slowly opening on anticipated need, and locking them down hard.

traffic shaper related I think, looks like one of your queues has its share of bandwidth too high.

When you say "anything above the CIR will be discarded", do you state this as a fact or a requirement on your end? If it's a fact, then let the ISP drop the packets, TCP will back off. If it's a requirement, then you will need to use one of the traffic shapers. Different shapers have different characteristics.  HFSC has the most correct implementation and should be nearly perfect. Just enable traffic shaping on your WAN interface, set to HFSC and assign a bandwidth. Don't need to configure any queues as the entire interface will be limited to whatever rate to specify. Depending on your circuit, you may need to play around with some settings. If your circuit is unbuffered but hard rate-limited, you may need to reduce your bandwidth slightly under your provisioned amount due to scheduling and bursting. You may need to reduce your bandwidth a bit anyway because they may be calculating bandwidth differently, layer1 vs layer2 vs layer3, and possibly layer1/2 that is different than Ethernet.

Noeone has an idea? Please help i think its only a little failure :(!

Turns out it's more difficult than that for afraid.org.  Gawd! In their interface you have to click on "Dynamic DNS" then click on "Check out: dynamic update interface (version 2)!" Then click on "activate" after ticking your IP's which will then ACTIVATE them for Dnyamic DNS…seriously?  That's why I'm there LOL can't you just activate them?  My gosh afraid!!! Now they're active AND you get a proper URL without the special character "?" in it! Done...the struggle is real people LOL.

what version of ntopng is everyone running? Mine seems really low compared to the advertised version.

Can anyone offer any suggestions please?

It doesn't make any sense. Will have to try other hardware and ultimately another router. To rule out the problem. I don't think it can be Vmware since i can meassure the full speed on both sides of it. (both adapters)

So my wild guess here is, there is no default filename and the GUI doesn't offer any method to set it or change it in dhcpd conf. I could set it manually but yeah it would get overwritten by each change of config. So I'd need to change the source template. Where can that be found? Honestly expected more from the much praised pfsense. Apparently <2.3 had that feature but not anymore.

Have you or anyone else found a solution to this? I am stuck with the same problem!

To add to what PiBa has mentioned, click this link, this example has a couple of screenshots showing how to use the AS numbers to block Facebook.

I have also added a firewall rule for the associated interface allowing all traffic (source and destination) but still no difference.

@tim.mcmanus: @randomaustralian: does pfsense handle multiple internet connections and load share? If you have more than one WAN link and they are not going to the same gateway, pfSense can use multiple WAN links.  What it will not do is bind together two or more WAN links and aggregate a connection across the combined WAN links.  It can have multiple connections across WAN links by allowing each connection to go over a different WAN link. this is what i was hoping for

I've answered my own questions.  Found info in topics that didn't really relate to mine but something tripped my brain into understanding what was going on.  It's the damn commas that are screwing it up.  That's the last thing I would have thought, that's how sharp I am.  I saw trying sed to attempt to color logs and that lead me to think of just stripping the commas and that works well enough for me.  I just used: clog -f system.log | sed y/,// | ccze Sorry if this was too elementary[it's actually surprising to me that I figured it out.  Yes, it seems I'm talking to myself.  Is that a problem?  No, not unless you start having a dialogue.  Oh, OK.]