@TMG Just note that with a bridge all packets between those computers goes through the router. So that could impact CPU usage on it for example, or network speed.

You mean you also couldn't connect to internal resources?

@firefox 1. boot environments, also less issues with cold boot resets. More stable filesystem.

@stephenw10 Good ideas. Thanks all! LRP 0

Ok so hit return to reach the CLI. You can use bectl there to switch BE snaps if you're running ZFS. If you're running UFS you can run an fsck: https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-check.html#manual-filesystem-check

Hmm. Does it do it every time you visit that page? If you clear the php error is it regenerated?

@stephenw10 I didn't find any options in System/User Manager/Authentication Servers to keep them both configured but one enabled and one disabled. I confirm that they both work if there is only one configured at time

@michmoor said in rate limiting / policer: Shaper wizard Yeah sorry, low on coffee. Same general idea though... LAN outbound to *:443 limit 10 Mbps is one pipe. LAN outbound to *:443 limit 10 Mbps with a mask of /32 is one 10 Mbps pipe per device. "When a limiter is set for Source Address or Destination Address, the pipe bandwidth limit will be applied on a per-IP address basis or a subnet basis, depending on the masking bits, using the direction chosen in the masking."

@Gertjan Munin... haven't seen that in a long time!

as a home user I am also taking the Official Announcement or send me an email since I have a pfsense + install...either way please let us know asap some of us are disabled veterans- well at least I am and have strict as frick budgets

Yes if you set Unbound in forwarding mode you can just point it at the local DNS servers on the network.

@stephenw10 said in Yes, I know! Another OPT1 and OPT2 no internet connection!: what could possible cause dhcpd to listen on a different port like that. Yeah - what would be the point, if dhcpd can not bind to 67, it should just fail with an error could not bind, etc. Not like dhcpd could work if not listening on 67

@parry Well I don't know about 2.6 but it's in the package for 23.09 so I assume it would be in 2.7.x: [image: 1701742592652-30d95061-8bf3-4927-ac89-d7f3b3173a28-image.png] You might be looking at pfBlockerNG vs pfBlockerNG-devel? -devel was moved/copied into non-devel I think when 23.01 was released, so they are identical now.

@stephenw10 Oh my god. Well, this has made me realize that I had dhcpd in my service watchdog even though the DHCP service has switched to kea. I've removed that and logs are looking much more calm. Thank you!

@viragomann Thanks for the explanation! It puts my worries to bed!

@stephenw10 Thank you, sir.

While we are likely to include the patch from that EN in future builds it isn't relevant to Unbound. They only use those sanitizers for debug/test builds and not for normal/production builds.

Well as I say both ways should work if configured right. I've not played with Tomato specifically but I'm familiar with dd-wrt and openwrt and both would require VLANs internally for most devices. If a phone works on that ssid it's probably fine.

@coxhaus okay got it all figured out (refuse DHCP to unrecognized MACs, and firewall rules to block IPs outside of your range.) this worked very well and I was able to use the Access Control on the netgear as well so that WIFI clients could not connect either. I am now completely up and running, I have addressed my speed issue by just getting Intel (ET PRO 1000) dual Ethernet adapter and just disabled RealTek Nic's. I am now getting the speeds I am paying for and I can see that everything inbound is block, no new devices can connect very happy camper here, [image: 1701631771981-28db92cd-b0c5-40a5-aba3-14a4ad01651e-image.png]