It won't. It will only ask you to reassign the interfaces if the config file contains interfaces that don't exist in the system. That obviously won't be the case for you as you exported the config from that same system. Steve

The new disks widget in current snapshots (shown above) has all that goodness.

@gertjan said in SSL error for 3x IP blocklist updates all three from letsencrypt: https://kriskintel.com/feeds/ktip_malicious_domains.tx Stranger and stranger. Ive just checked again, not only is kriskintel.com not in my ktip_malicious_domains but NONE of the others in your screenshot are either. This is my "K" list: (hah it wont let me post all the domins, the board thinks it is spam - suffice to say there are about 30 to 40 "K" domains and none of yours are in there) Granted, I dont use lots of lists. What lists are you pulling from? Im only pulling from the malicious DNSBL and ransomware IP.

The actual issue here is that fsck (which runs at every boot) can mark the filesystem as clean when in fact it is not. That's why when you run it manually you must run it at least 3 times. It will always come back after the first pass with 'file system marked clean' but it may not be and that's when you get panics at mount. Steve

@stephenw10 thank you very much, it is fixed.

@elenaydamonsalvatore Sure it can.. Bind runs dns on the planet ;) I just wouldn't suggest you do it.. its 1 box on 1 connection.. Why not let the big boys do it, you could have 4 or 6 NS all on different services. All on global anycast networks. For pennies really..

@rajid Thanks, everyone, for the help! It is very much appreciated!

@stephenw10 i ended up updating. i am now currently on the latest firmware

You are seeing that cert error in Windows when trying to access the other firewall GUI across the VPN? Are you accessing by IP directly or hostname? Steve

@edgerouter I have the computer described in my sig. Works well.

You could remove them but they are only used as a fallback by default. And they look to be responding fine. If you check the DNS settings in System > General Setup there is a field for 'DNS Resolution Behavior'. By defailt that is set to use local (Unbound on the firewall) and fallback to remote. The remote servers there are 1.1.1.1 and 8.8.8.8, it doesn't appear to be pulling any additional servers on the WAN via DHCP. I would upgrade to 2.5.2. There are a number of big fixes there over 2.5.1. Steve

@duja You could try suppressing them in the arpwatch gui [image: 1634157041744-suppress.jpg] But that won't remove your kernel arp entries.

Removing the 'block private networks' would not have been what solved that. That rule blocks incoming connections which are sourced from private subnets. It's applied on the WAN directly because you would usually never see traffic from private subnets there. The only time you would, and might want to pass it, would be from a client connecetd to the ISP router directly. Importantly though that rule, on WAN, never blocks outgoing connections or replies to them. Steve

https://docs.netgate.com/pfsense/en/latest/general/sell-pfsense.html

Yeah I would also try enabling DHCP on OPT1 and setting a client to use it. That will prove you have a good layer 2. DHCP traffic is always allowed. If it then pings correctly the static client setup was probably incorrect somewhere. Steve

Nice.

@deanfourie said in pfSense constantly crashing: Could this really cause something so catastrophic like a kernel panic? I adivse you to make this a priority task : Have a look at what's been said about 'realtek' for 'serious' applications like routers. I've no solid proof, but their is this common knowledge that you should stay away from this brand, just to be on the safe side. Realtek over USB ? That's like playing russish roulette with 5 bullets in the 6 chambres, instead of one bullet. Ethernet over USB : that's just a big nono in your situation. If it works, ok, good for you. But that kind of hardware should be removed if you suspect issues. So : first go native, classic bare bone : a device with two (or more) real NIC's. test drive that. If still issues, then you know the device (drive or motherboard or power) has an issue. Don't do tests with realtek or USB NICs nearby.

@denverdesktopssupport You can simply set up a second VPN and enable or disable them whenever you want.

@stephenw10 I actually just updated to 2.5.2, but the notification for the crash report was still there so I decided to post it here. Should I clear it and hope for the best?