No what I saying is that is how you could flag traffic in windows. Then you should be able to route that traffic with whatever specific marker you put.

There is no other way I know of to tag or mark traffic coming from a specific application other than with dcsp.

You can route traffic in pfsense really easy based upon source IP, source port, Dest port, dest IP, etc. And then you can tag that traffic for other rules to process, etc. But that is not what you asked - you asked per application how to mark the traffic.

So for example you could part traffic that is coming from your browser with af11, and traffic coming from say application XYZ with af12.. Then you could tag traffic coming from IP of your box with af11 as browser, and traffic with af12 as application and then route it based on those tags i pfsense rules.

This way even if going to the same dest IP, you could could tell what is browser traffic and what is application traffic.

Yeah a regression is a possibility. But as you say, I would have thought this would have caused somebody else issues as well previously. Anything you manage to find is appreciated, thanks for looking at it.

That setting makes no difference to the firewall log it only affects Suricata logs in the System log.

You can still see the Suricata logs by going to the logs tab in Services > Suricata.

Steve

@jimp Updating :) 2.3.6.a.20180612.1214 [pfSense-core] Done! Thanks again!

Bob

A patch to FreeBSD -HEAD has been issued and we are evaluating. More information soon, pfSense development snapshots will be first to have this fix

@alexandre-dezembro

Scenario example:

https://uploaddeimagens.com.br/imagens/pfsense-png

@jimp @stephenw10

Can confirm that patch has fixed the issue. Thanks for looking into it.

[2.4.3-RELEASE][admin@pfSense.localdomain]/root: cat /boot/loader.conf.local comconsole_port="0x2e0" legal.intel_wpi.license_ack=1 legal.intel_ipw.license_ack=1 legal.intel_iwi.license_ack=1

the solution is this:
in the config file (/usr/local/etc/netdata/netdata.conf), change the line:

bind to = 127.0.0.1

to

bind to = *

and restart the netdata service:

kill <pid> service netdata onestart

As jahonix mentions, any software that wants to put in a url to pool in their software as default is asked to create their own unique fqdn for the pool, etc. So this is pfsense playing nice with ntp.org

http://www.pool.ntp.org/vendors.html

Anyone smart to even look into where or what its using for ntp should prob change this to either their own ntp servers of choice or the fqdn pool urls for their region of the globe.

For example if you want to use the pool and your in the US you should use say

server 0.us.pool.ntp.org server 1.us.pool.ntp.org server 2.us.pool.ntp.org server 3.us.pool.ntp.org

You can find a full listing here

http://www.pool.ntp.org/zone/@

Thank you for all.

Just to update this. It appears that the install on pfSense was somehow corrupt, a full reinstall gave me back access to the GUI via my VPN!

Thank you Stephen, I'll do that right now.

Honestly, unless there is a problem I don't waste my time tweaking for that extra 1 ms. Netgate uses resolver by default because it just works out of the box without the need to specify upstream servers. If you're concerned with speed, use the forwarder with your ISP's local DNS.

As for testing, DNS Bench by Steve Gibson is one such tool.

Not really. If you're using the SDEC driver though they will be connected to the input pins on the parallel port. You could try reading the port directly.
Probably easier to just try various combinations of the buttons specified by the driver until they line up.

Steve

That^.
Seems like a fairly accurate description to me.

There are 3rd party apps for controlling Denon/Marantz stuff. One of those might work for you.

Steve

So what IS working here?

Do you have DHCP enabled on OPT1? Are clients pulling a lease from it?

With outbound NAT in manu7al mode you will have to add outbound NAT rules for the new OPT1 subnet.

Do you see any alerts in the GUI? It may be failing to load the new ruleset correctly. You should still be able to ping from LAN to OPT1 though even without any new rules.

Steve

Anything special in your unbound config? Assuming you're running unbound.

Steve