So where that rule is located is important. Screenshots would definitely help.

me too here, I would consider that will be the right way to help out. Many users see what they
were setting up but we all must imagine it, or digging it out the nose step by step.

I have 3Access Points (AP) which is plugged into our switch, which is plugged to our pfsense and internet cable is plugged into pfsense.

Are they configured with one SSID only or are there more od them (SSIDs)?

The previous guy before me have AP IP under pfsense -> firewall and under destination section he have selected 'LAN net' under type.

Again are there also other SSIDs perhaps on top of this each in hois own VLAN with his own IP address range?

Is this required? our AP is plugged into switch which is a LAN network so I have have to specify it again on pfsense?

If he was setting up aliases for LAN, Guest and other SSIDs, it might be making sense but if not and
only one SSID is in usage it can be also a "placebo" rule with no effect, or in plain a false rule.

Am I missing something?

VLANs in usage?
How many SSIDs?
Captive Portal in usage too?
radius Server in usage too, but not in all VLANs or for all SSIDs?

You seem to have forgotten the close code bracket or it got cut off – your post is really really long ;)

I see the start code bracket so if the end bracket was there code would of been in a smaller scrollable window..  I do believe.

You might want to edit the post so future readers will not have to scroll down pages and pages to read the thread ;)

Other option with such long amount of info would of been to attach txt file..

Hello,

like many ISP subscribers, I'm behind a DS-Lite type connection with globally routable IPv6, and no public IPv4 address (IPv4 connectivity through IPv6 softwires to CGN). All VPN providers I tried up to now sucked, because they either lack IPv6 support entirely, or implement it only partially or incorrectly. All this resuling in copious IPv6 leaks all over the place. Since I need to connect to IPv6 servers too, following the advice of the VPN providers to simply disable IPv6 isn't an option.

I'm still waiting for a decent VPN provider with up-to-date (full) IPv6 support. Even something like perfect-privacy.com isn't there yet, since they claim to be able to multiplex IPv6 and IPv4 traffic over the same IPv4 tunnel, but according to their tech support, they don't yet implement IPv6 envelopes, i.e. tunnels to IPv6 servers running openvpn bypassing those pesky CGNs.

Or maybe things have improved since I last checked? Any suggestions for decent IPv6 VPNs highly appreciated.

when you nest aliases, the CIDR is ignored on that line.

Just enter the alias name, it will figure out the rest internally.

It means the repository metadata was updated, it's what keeps track of how your update branches work under System > Update, Update Settings tab.

In this case, it means we changed the repository data such that if you select "Development Snapshots" you can move to 2.4.1 snapshots. We usually keep that pointed at the same target as stable for a while post-release, but in this case we're having a very short dev cycle for 2.4.1 so we are switching it back sooner.

huh??  Dude really at a loss to what your trying to accomplish here..

If your just going to source nat all these clients at your site A.. Why not just set the server to all allow the IPs from that site?

As to a connection coming into your server via a port forward I assume.. Why would you want to make that look like to the server it is coming from a specific IP?  Why not just allows the IPs it might come from in this server as well?

Yes, Pfsense has no problems with it. Im afraid i cant change it on the Remote Barracuda.

Thank you guys!

at the moment I have two file:
/var/etc/mpd_opt1.conf
/var/etc/mpd_opt2.conf

How can I do to modify these files?
which name the should have?

Well, it's not your firewall riles.

Check the local firewall (think windows firewall) on the LAN hosts.

Thanks, I'll experiment with this tonight.

thank sir for the quick reply…

I have comcast business. My ip range is /29 so the following x.x.x.222 is my modem/router, x.x.x.221 thru x.x.x.217 are available for routers. When configuring the WAN port I put in IP address x.x.x.x & x.x.x.222 as the gateway and all works well. Also if I do plug into the cable modem with DHCP I do get a DHCP address like yourself.

I have pfBlocker and DNSBL active.  I will try the fix, but….

I also had the issue with SMTP.  It has to do with SMTP trying to read the CD-ROM drive.  I added the pfsense CD to the ROM drive and CPU went down (I also have not had the hang issue again after adding the drive).  When I get home, I will be removing the CD-ROM all together.

Restarting opera on its own wouldn't necessarily clear the cache, still worth a ctrl+F5 or shift+reload

What about the second question.  Is there a rule I can apply to protect unpatched devices?