@jwt: We invest tens of thousands of man hours every year developing pfSense.  Do you remember the complaints about how pfSense was always lagging the FreeBSD releases (by a lot)?  Did you notice that we're running FreeBSD 11-ALPHA5 here? Yes I remember.  I was one of the complainers.  Thank you for picking up the pace.

Thanks ! but I don't see the Kernel config files.

Yes,you can use pfBlockerNG.

Gateway IP is automatically assigned when "dynamic" word is written. Go System>Routing New , choose OPT1 and put your gateway there. Or go to Interfaces>OPT1 and put your gateway. if that didn't work try to put static IP for OPT1 interface not DHCP

If you are using google chrome, just try different browser or update pfSense to the latest version 2.3.2_1 which is released yesterday. 2.3.2_1 Features & Changes Worked around a Chrome bug with regular expression parsing of escaped characters within character sets. Fixes "Please match the requested format" on recent Chrome versions.

The Virtualization forum is here. what should be the ip, what subnets and what rules. Use any other private network subnet.  192.168.2.1/24 for OPT1 interface.  Don't forget to add an Allow All rule since OPT interfaces do not get any firewall rules by default. How can debug this ? If two different clients on the same network behave differently then you need to look at the misbehaving client.  Local firewall on your OMV perhaps?

I don't know how to read the dump, but I did notice this, probably unrelated, bit of info being spammed arp: 10.0.61.230 moved from 84:2b:2b:47:df:7e to 84:2b:2b:47:df:7f on em1 arp: 10.0.61.42 moved from 00:1b:63:39:64:d5 to 00:1b:63:f1:ef:b3 on em1

Many thanks to all! Should have use a UPS lesson learned. recovery board ordered and it's on the way. Cheers

if Squidguard is not able to handle too many requests due to performance or settings issues Strange.  squidguard has no notion of child threads or anything since it's called on-demand by squid.  If squid doesn't have enough children, then processing should slow down but not just completely ignore the calls to squidguard to process the current URL. Regardless, this can be addressed by increasing the number of child threads in squid's Advanced Options - Integrations: url_rewrite_children 16 Bump it to a higher number if you have slow processing caused by lots of users.

It was not written by anyone involved with the project, and has generally poor quality overall. On top of that, it is now very, very out of date. Search around the forum you'll find some older discussions with not too many kind words about it.

If you only see "revert" then you already have the patch applied. 2.3.2-p1 includes the patch already, you do not need to do anything if you have updated.

I'd love to be able to slipstream my config into an install cd that runs on boot.

Cable modems… Rebooting the modem only doesn't help? Is your WAN interface configured for DHCP? Having it get 0.0.0.0 is different. It's usually something like 192.168.1.100. What does Status > Interfaces look like for WAN when it is failed? When it is working? The System and Gateways logs are other places I would start.

Looks that way. Register it (www.pfsense.org/activate) and open a ticket. Refer to this thread and RMA should be easy.

Ah, after ages of wondering what on earth is going on, checking settings over and over, it seemed the interface had been unselected. So em0 was no longer em0. How annoying is that! Anyway, online and all good.

I really don't get why you don't just vpn, its sure not overkill.  And allows you do other stuff other than just ssh in.  I can vpn in from my phone, my desk at work via a proxy.. Click I have the vpn connection. As I stated before if your going to allow ssh on the wan.  I would look it down to only the region of the world your going to be coming from, and yes turn off password auth.  If possible lock it down to your actual IPs or netblocks you will be coming from for remote admin.  This is quite easy if your admin your own remote sites from say hq or your house, etc. If you leave it open your going to not only get firewall noise of a hit, but log noise of them trying to log in even if you have just public key.  If you want to reduce that noise then change the port - but this might be a limit to where you can access it from if they are not allowing for your non standard port outbound. One of the nice things I like with openvpn is running it on 443 tcp which pretty much always open if there is internet access where your at.

sorry, but anyone could suggest complete list of yahoo ASNs…thx

those lines are exactly what I see whenever my system boots up but just continues to normal boot after that. I can now do a clean install of 2.3.2 CE version again. Thanks for the reply!

Any host needs a route to the networks it wants to reach outside its own subnet. The default gateway is the router the host will send traffic to that is not in its local interface subnets and for which it does not have a route in its local routing table. This is typically the interface address of the router on the host's subnet. Look at the diagram I link to below. The default gateway on Host A1 would be 172.25.232.1 The default gateway on Host A2 would be 192.168.1.1 etc.