What exactly are you wanting to prevent access to - the firewall on what port?  And from what interface the dmz?  Where is this user that is going to change his IP?  And you do understand that its just as easy to change mac address. You can setup static arp on pfsense - so specific IP can only be talked to on a specific mac address.

Good luck.

@garyd9: @j4k3: "However, the content is only requested once and is immediately turned into a traditional alias. " You've misread the information.  Read only the section for "URL Table Aliases".  The section that follows it (URL Alias) is something different. The refresh info for the "URL Table Aliases" section is:  "The URL will be periodically downloaded and refreshed." The question is, how often is the alias TABLE refreshed.  There's a setting for that somewhere in pfsense, but I don't remember where exactly. (I'm starting to sympathize with some of the more… abrasive forum members here.  I did the google search for you, gave you an exact link, and even pointed you to the proper section of the page...) Yes, I apologize gary. My eyes jumped to URL Alias and my brain did not heed your advice to "URL Table Aliases" Thanks

See here- https://forum.pfsense.org/index.php?topic=126523.0

Not that I've ever seen. The same limitations apply for that role.

I researched and i believe, I know the reason. The group is received by pfsense only, if: -the created user in AD (e.g. 'vpnuser') is member of at least two groups (e.g. 'Domain-User' and 'vpngroup') -if the AD/pfsense group (e.g. 'vpngroup') is not the default group of 'vpnuser' Just tried to replicate this .. Strange, but it is as described above. btw: the extended query still not working, but that is another topic :) Edit: everything perfect right now, even with multiple extended queries.  

@grandrivers: sounds like noise on system t-3 upstream or return noise where t-4 could be in either upstream or downstream Argh, I know you're right but I don't want to believe it.  I've been battling with comcast over noise issues for years now….and granted, things are better, but not great.  I thought I would try to rule it out but I guess it really is the noise.

Glad the topic was of use of you HeMan.. When I saw this show up as something new it - was at first ah shit some spammer necro an old thread ;)  Nice to see it was someone actual used the info contained in old threads for what they are meant for ;)

Whichever log you see the "suspicious" entry in, post it in that section. For example if it's a firewall log, post in the Firewall board. If it's in the OpenVPN log, post in the OpenVPN board, if it's a Snort or Suricata alert log, post in the IDS/IPS Board.

Thanks I've disabled the update checks. Only things left are System Information, Interfaces, Service Status, Interface Statistics and IPSec. I'll see how that goes. Thanks

If you run it by hand in the console then no, it doesn't log that anywhere as it's output straight to the terminal. What are you trying to track down?

Hi, I think I just solved my problem and tough it would be a good idea to share. at first, I completely reinstall pfsense on an other computer. Everything was working. Put back my config.xml backup and so far so good. Unplugged my router and plugged my new pfsense. My modem did gave me a new IP so i rebooted it and boom, lost the webui access again. I decided to unplugged the modem and try back. The webui was working back. I started to check my config and found something under wan settings. At the bottom of the page there is Reserved Networks settings. I unchecked the first one " Block private networks and loopback addresses ". Tried to plug back the modem and everything was working fine. I noticed that my modem had problem to communicate with my ISP servers so it was giving a private IP "192.168.100.10" Contact my ISP to reset the modem and internet was back. I checked back the option under WAN settings but I want to know if I should keep it unchecked or not. Thanks

Not sure about "after 2-3 hours", if you want to throttle it in general, have a look at Squid delay pools.

you probably want to set the verbosity level higher then default (no clue how high: experiment) then you could script something to fetch/parse the required data into a text-file or html clog /var/log/openvpn.log | grep Initiated > logons.txt clog /var/log/openvpn.log | grep Inactivity > timeouts.txt you probably want more complicated regex or use different tools instead of grep to get it nicely formatted/sorted