Ahhhh, sorry. I misunderstodd your question…..and no it wouldnt. It is a firewall.....

If you want 2 things on the same machine, run Freenas and PFsense in 2 Vm's on the same hardware....and the ISCSI to the storage.

Yeah, I'll try and gather more info if it happens again though It may be another 6 months :) Thanks

You cannot use an alias for that since it is DNS/hostname based, and not IP-based.

You might be able to install the cron package, and make a script that just grabs that list and adds it onto the end of /etc/hosts every few minutes, but even that may not work properly.

A better way might be to add those entries as a blacklist for squid+squidGuard.

This has been discussed on the mailing list many times.  Google up the discussion for the explanation.  If its really that important to you, feel free to start a bounty project to help fund the development.

@jimp:

You also need to configure your ssh client to prefer key-based login over password-based.

Excellent.  For those reading this, one easy way is to add to your ssh command line this option:

This has the effect of supressing interactive authentication for one session while leaving your default options untouched.

Hi all,
    Well better get 2.0 stable soon then hehe :)

Tks for the replies
Eric

Easy way to test if it's hardware: swap the config files for master and backup, see if the "master" still hangs.

ARP Table is also in Diagnostics > ARP Tables

However, that will only show systems which have recently connected to (or through) the firewall. It's not an accurate representation of online systems, for that you would need a monitoring system which actively pings/monitors PCs/servers.

Thanks for the reply.

The most weird thing to happen with this issue is that suddenly a few days ago - the behaviour just stopped!

There was no switch reconfiguration done and nothing changed on the firewall. The only single 'incident' that linked dot around the same time was a J2EE application restart on the server in question, around about the time when this weirdness stopped.

I will keep monitoring and have enabled sys log on the device to see if I can catch any events if/when the issue returns….

Cheeers,

JD

@Supermule:

The billing issue is the ISP downside to PF…..

Nah, you have Netflow, which is what most ISPs use for that purpose (regardless of network gear).

It takes thousands of simultaneous connections to get to that point, if you're seeing that, you have that many connections through reflection. We generally advise against using reflection at all, but it's a fine solution in most circumstances, just not when you get to higher numbers of connections that need to be reflected. High throughput environments do it "right", i.e. split DNS.

Efonne does have a branch in git that does reflection in pf, which gets rid of the nc scalability issues. That's for 2.0 only, and may have other drawbacks as it hasn't been nearly as widely tested.

If you need to save the log, you must redirect the logs to an external syslog server.

Even if you increase the log sizes, there is no guarantee you will save an entire day's worth of entries, especially if you endure a lot of port scans or other random traffic on the WAN.