There are parts of the system that write periodically. Logs, gateway status, graphs, and several other things could be getting written to the disk, though it shouldn't be completely constant. If you run "top -aSH", press 'm' to switch to i/o view which will show you which active processes are writing/reading at the time. The normal top view is CPU only and wouldn't tell you much about the disk.

The system tracks failed logins and if there are two many (I believe it's 15 in 5 minutes) then it blocks the offending IP for a couple hours to discourage brute force attacks.

OK. Thanks everyone for their input.  It seems there does seem to be an issue with apinger….but... the main issue seems to stem from an ip phone plugged into the network (SNOM 720).  Once it was disconnected.. BAM! problem disappeared.  still waiting for enough time for the RRG graphs to verify this, but this seems to be the case. here is the graph from bandwidth (obviously from later than OP post): Traffic graphBTW.. My ISP plan with Optus Cable is 100Mbit/1.5Mbit :(

Well I have no idea what happened.. I changed nothing yet over night suddenly it's working… very strange indeed. I think maybe my DNS hadn't updated. Not ideal but at least it's working. I just need it for an assignment for uni. Thanks guys

Noones any explanation for this issue? I just want to understand where the problem is, even if the solution is pretty obvious (that is, dont bind squid to loopback) If someone maybe can explain to me why this problems occurs, that would help me a lot :)

I played with transparent HTTPS proxy a few months ago but I'm not running it at the moment.  Yes, when I did go to HTTPS sites I didn't get any MitM warnings.

Status - System Logs is the first place to start.  From there, select the tabs that may hold detail you need eg. General and Gateways.

Not that I'm aware of.  You can create firewall rules that adhere to a schedule, but not like what you're asking about where it's targeted per IP with timeouts.

@chemlud: Cards are getting bigger and cheaper and the larger the partition the lower the wear-out due to repeated use of cells? Just a short version of reasons. This isn't correct.  All modern cards I've encountered will wear-level across all cells, regardless of how large your partitions are.  Using partitions larger than you need can actually prevent wear-leveling from happening correctly depending on how your file system handles deletes.

Hi, I did some debugging and it looks like that pfSense is not specifically using HTTP basic auth when using a "custom" dyndns provider (see https://forum.pfsense.org/index.php?topic=66977.0). As I am unfamilar with the structure on pfSense, I'm not sure how to add an additional dyndns provider. All I found is the file /etc/inc/dyndns.class which seems to define how hosts are updated for a specific service, but it doesn't define which services are available. If anyone can hint me in the right direction, I'd be happy to provide a patch on github to include ydns as additional dyndns provider.

https://forum.pfsense.org/index.php?topic=80037.msg436723#msg436723

Hello all. I read that topic and tray to change some colors in file but after i refresh the browser noting is changed. Were i am wrong?

Thanks for your replies. I have the PFsense box setup in parallel, on a test LAN now, and I think I can set it up to talk to the Town's DC/DNS for further testing. Beyond that, I should be able to cut it over during off hours. We're not using any of the AD integration features of ISA (firewall rules are all IP-based), and I'd like to do basic traffic shaping for our future VOIP phone system. I'm not planning anything too fancy, just making sure there's a small amount of bandwidth available for our staff computers at all times to prevent lag/high pings. I work at a public library so we try not to filter or limit too much. We also have two domain controllers running that only support ISA, since they switched over to the Town's domain a few years back but did not want to remove ISA from it's original domain. Yikes!

The NAT trick is the proper way of doing it.  Using virtual IPs for addresses you don't own is kind of a hack.

Yes… and you can search the forums for install guides and advise.

OK i tray to make NAT.. but may be not in right way. How to make a NAT 1:1, all local network addresses to go out from one public IP, but not to use the "any" option? x.x.x.1 ip WAN <=> go out IP's from LAN x.x.x.2 ip WAN <=> go out IP,s from OPT 1 PS: there is only one WAN interface!