Mmm, I'd be amazed if your ISP was using anything other than 1500.

@jra9511 said in Common rules for various interfaces in Suricata with Pfsense:

When I use the suricata-update command in the console, it generates a file called suricata.rules located in var/lib/suricata,

Forget everything you might have read about using Suricata via the command line when using the pfSense package.

The Suricata package on pfSense is managed totally within the GUI. Do absolutely nothing via the command line. The pfSense package is highly customized and you do not use any of the Suricata upstream supplied tools with it -- that includes suricata-update. As you discovered, that utility puts the rules in the wrong location for use in pfSense.

Here is a YouTube video from Lawrence Systems showing how to install and administer the Suricata package on pfSense: https://www.youtube.com/watch?app=desktop&v=S0-vsjhPDN0.

Yes, the next release will be 25.03.

@patient0 The swap journey with the correct use of labels resulted it it working as soon as I moved it to the mpcie adapter again I think I need nvmecontrol commands to format it again so I can get to the Optane memory. I have no clue how to do that, I use to use fdisk in dos 3.11 so using something outside of gpart or fdisk etc. is very new to me, I assume that the nvmecontrol has format specific commands to use to get access to the Optane memory but who knows right, fun stuff I love stuff like this, I was thinking Intel might also have a label that is specific to using the Optane for a swap, pfsense I learned has the use of swapX X=some number and the software uses it, so maybe if I use a label the Optane controller will pick it up and use it.

Screenshot 2024-12-23 at 08.11.13.png

@Gblenn
Thank you
That’s great advice
Merry (or Happy) Christmas or Happy Holidays

Thank you, I’ll give it a try and find out.

@mer it’s on a external drive so if someone grabs it and takes it my credit card etc is not on the drive as it’s encrypted non readable. Again it’s not internally stored, FreeBSD forum recommendation was to use Eli for external usb swaps as they can be grabbed and walk off.

TIL about the System Patches package and path strips. Thanks for your help @stephenw10 . We're back in business.

My reboot issue on 24.11 has NOT been resolved!

So 24.11 is unusable to me :(

Netgat TAC support guys suggested it's an h/w issue and offered to wipe out my drive and try to install it clean. I tried uninstalling a bunch of packaging and it did not help.

I am hesitant to wipe out my drive as I will lose my boot env snapshots.

Just posting here for posterity.

@Gertjan So I used both tcpdump and radsniff to look at packet traces, but I can't see any issues. In both cases (working and non-working) the radius server sends back an Access-Accept message with the same set of fields.

@stephenw10 - Excellent! Patch worked. Glad I wasn't imagining things.

Our solution at this point :

Automatically :

Remove unwanted boot environnements Update the train to the stable version Check upgrade availability (pfSense-upgrade -d -c) Prefetch all packages (pkg fetch -u -d -y)

So we want finally launch the upgrade (pfSense-upgrade -4 -d -y) it's faster !

@JonathanLee said in issues with dumpdev in /etc/defaults/rc.conf:

sysctl debug.kdb.panic=1

b9160abf-7a3b-47d4-a8c5-0ace4dae0fe1-image.png

Custom solution

add the cron copy the rc.dumpon to rc.dumpon.old
add the new info

and it works

I'm referring to the recommends patches list in the System Patches package. I can't see anything there that should make any difference to dnsmasq but it's worth trying.

@froussy yeah as long as you connect in on something other than what is being changed you should be fine - if something goes wrong and your change isn't working you can always switch it back, etc.

Over the years I have myself shot myself in the foot a few times, its never fun.. ;)

Always give yourself a backup/backout plan.. When doing change on a cisco router or switch that could be problematic etc, always put in a reload command on a timer.. So worse case if goes wrong - it will reboot say in 10 minutes and your back to the start, if your change worked as you expected and all things working you can cancel the reload and save the config, etc.

I mean the switch/router rebooting might be a shitty outcome and maybe cause a service interruption, but that is far better than being in a broken config for a length of time until you can get to the site to fix, etc.

I mean your switch of interfaces should be no big deal, and work just fine, etc. "But" what if it doesn't and now you can't get in to fix it.. Better safe than sorry..

edit: I once getting cocky after so many eventless upgrades - had just clicked upgrade on a one of the old 2440 netgate boxes while home after work because figured hey nobody is there so they won't notice the few minutes of down time while it upgraded... Well it never came back and had to go into the office early to fix it. Only took a few minutes to restore and get the upgrade done when I was there.. And that was always my back up plan in case of disaster.. But this is why during covid and locked out of the office I didn't upgrade anything remotely ;) heheh

Better safe than sorry is good motto to live by ;)

@AJ847-63 said in Setup and add PFSense router to existing network:

trying to figure out why disabling WPS on a router solved speakers not being detectable in the app (despite everyone including the product designer telling me that's not possible)

Ha, I know that feeling! And, yes, hard to see how that would have any effect. Yet....

But, yes, I imagine the Asus router is connected to one of the LAN ports on the Telstra CPE?

In which case you should be able to connect pfSense to one of the other LAN ports on the Telstra without affecting any of the existing network. Just make sure there are no overlapping subnets.

Then you can experiment with pfSense and move things across to it when it's ready.

Yup, two completely different crashes again. I would definitely do a memory test here as a next step. A software bug would not present such widely varying crashes.

@conover

Install pfBlockerng-devel first.

This will install pfBlockerng-devel, and install the de-install instructions.

Now de-install.

I understand, thank you for the details and fast reply.