See here too: https://forum.pfsense.org/index.php?topic=117557.msg651859#msg651859

So you're getting flag using FTP over HTTP through a web browser?

Hi 2 reasons for trust in one ip-block-list: Reputation and common sense, and this list does not satisfy the second condition (block all net and subnets for dreamhost, forum.pfsense.org , etc, crazy :) ) Regards.

It's most likely related to an incorrect entry in extensions.ini or something out of order there. You may be able to fix it by forcing a reinstall of all the php extensions from the shell. The problem won't exist on 2.4 or 2.3.3 because the way extensions are loaded has fundamentally changed.

Since performance is largely dependent on hardware, any such limit would be hard to nail down. It's reasonable to have an upper bound but figuring out what that might be across various hardware platforms and combinations would be an adventure.

There are lots of online scanners such as Shields Up.  Install and learn nmap if you want to go deeper.

Why such an old version? Try it again on pfSense 2.3.2, or at least 2.2.6.

Pushed a change to force <tag></tag>rather than <tag>This should make the config file more consistent.</tag>

The log format of what? The filter? Or something else? None of the log formats are customizable, though if you have enough C programming knowledge you might be able to change the filterlog daemon to output the format you want. But it's not simple nor possible on the firewall itself.

Look in the main system log, it should have an entry there as well. Something has to be generating the notice, and it's most likely from a package. The log entry from the main system log may at least show you the script that was running which generated the notice.

"Since bridging anything is just a bad idea" Hey there you go your getting it ;) So I am really confused with this statement EM2: VLAN 551 EM3: VLAN 552 Brg551552: Bridge of 551/552 So your 2 different vlans are on the same layer 3 network?  Makes Zero sense.. If your wanting to bridge 2 layer 2 networks.  This would become 1 vlan..  With 1 layer 3 network on it.  So why would you call it 2 different vlans with 2 different vlan tags?? "Once spanning-tree was disabled" That seems like a really bad idea if you ask me…

It was already covered in the book but I added it a couple places in the wiki just now.

It's not intended to be used that way, so there is no way to make that work easily. You'd have to keep XMLRPC disabled (remove the user/pass/URL) and then fill it in only when the backup is online. It would be better to keep backups of your running system and restore a full to the second box when needed, or always keep it online. The sync doesn't happen randomly, it happens any time there is a configuration change.

Thanks I'll try this.

I have never done that but I would think that would mean all rules on both the member interfaces and the bridge interface are ignored.

$44/yr is expensive?  Most people have paid that in Netflix fees in 4 months…