@patient0 just a quick note, I updated that script to operate correctly on newer versions of pfSense (2.8/25.07). Let me know if you run into any issues.

Just a quick note, I updated my script to operate correctly on newer versions of pfSense (2.8/25.07). Let me know if you encounter any issues.

@ser There is still the IP block option which really BLOCK's it, but is maybe also a little cumbersome. You could look into using the package pfBlockerNG and then select one of two paths: 1: If you can force all clients to only use your pfSense as DNS you could block all DNS lookups that relates to Spotify. That would effectively either require a some good google-foo to find those names, or alternatively setup at test and have your DNS server log all queries when Spotify opens. 2: If Actual blocking is needed rather than just preventing nameresolution, then pfBlockerNG can also be configured to import lists that contains IP addresses. I'm sure there is some site somewhere that maintains Spotify's IP in a list - alternatively you could attempt to fetch the ASN ownership of IP blocks that Spotify owns, ,but that might not cut it (CDN's and such...) Option 1 I ususally the easiest and best working model even though it only prevents nameresolution rather than actual blocking.

@louis2 Hello ! Thank you for your work with pimd ! I have been able to test your pimd binary, it seem to work but I still have the same bug I discribed here When starting PIMD, after a few seconds it works as it should, seeing multicast sources and routing it if needed. But after about 3 minutes, PIMD is "loosing" multicast sources even if pfSense still receive this multicast traffic (packet capures, and network traffic). PIMD does not "receive" multicast source anymore. Restarting PIMD makes it see again multicast sources until it looses it again after about 3 minutes. @louis2 do you have the same problem ? I really do not understand why I have this

@dennypage Thanks for the info. Yeah, it appears somewhat complicated with IPSEC. ARD works over IPSEC but without live status and system information, which is what we had hoped to get working over our old IPSEC tunnels. ARD works fully with OPENVPN for us. Has anybody else had some successes here? Thanks, Alfredo

Indeed, not an easy way I'm aware of. I'd just reinstall clean to be honest. However you may need to wait for the 1.1 installer that has a 'low resource' mode to allow writing to a 4G eMMC.

Unless you need to accept inbound connections there it should only be an outbound NAT rule. Even if you did have inbound connections a port forward is often better. You shouldn't need to manually add any rules though as long as the gateway is added into the new interface. That will trigger the auto outbound rule to be added.

@SteveITS said in 2.8.0 fails to save SMTP Notification password: The test button text does say, "The last SAVED values will be used, not necessarily the values entered here." Ah, but that's not what actually happens. The just-entered new password IS used for the test, but then forgotten by the time you scroll down and "Save".

@stephenw10 Thanks. Just finished the reinstall and have Plus.

Hmm, you should be able to check that. When you add a server there it should be added to /etc/resolv.conf. If it has a gateway set for it you should see a static route added for the server IP via that gateway in the routing table (Diag > Routes).

Yes both nodes would have to have the same WG config.

@ebcdic What software/hardware are you using to publish? If you haven't looked at WeeWX, you might give it a try as it would certainly address the issue. Just a thought.

@stephenw10 This was definitely not a button push on ours either. Both units are in locked cabinets in a colo. Any access to the facility is logged. @SteveITS As for it going to standby or hibernating, the person who went on site the LEDs were normal. Nothing indicating a state change or issue.

@sigulete You solved my problem, thank you !

@jhg Read also Alternate Remote Backup Techniques.

@NetRunner8050 said in PHP Fatal error: Allowed memory size of 536870912 bytes exhausted: my reputation isn’t high enough yet Solved that.

@SteveITS Thanks, as I think you clarified a simple mistake I made. After you said "add/configure" the interfaces I realized I made a miscalculation of how simple it is to refresh these. The NAT/FW/DHCP tables only utilize WAN and LAN assignments and those assignments are programmed to the physical hardware. WAN currently being re0 would be igb0, LAN from re1 to igb1. So this would only take about 5 minutes. Silly of me. Thank you sir, the obvious eluded me.

OP, if you follow this you cannot go wrong, plain and simple: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

Mmm, that could be a gui bug only since the IPs are the same. Edit: Yup I see that here too. Digging...

Yup you would only see states while they're still active. So if you are not seeing attacks that often you'd have to get lucky to catch it. But you should see those by filtering for: 22 [image: 1753575304735-screenshot-from-2025-07-27-01-11-58.png] What rules do you have on the VPN interface(s)? It would be unusual to see connections being forwarded to you there though.