• Disable firewall filtering

    3
    0 Votes
    3 Posts
    479 Views
    Hi, Indeed I want to disable/delete all default rulesets which are created by pfSense. If I cannot do this, can I set rulesets to have higher priority than the default ruleset? Please advise.
  • MAC Spoof + L2TP

    2
    0 Votes
    2 Posts
    374 Views
    We discovered a workaround: MAC Spoof on physical interface VLAN take MAC Spoof and get DHCP Mac Spoof one L2TP L2TP UP, but DHCP down, then all down MAC UnSpoof on physical interface, apply MAC Spoof on physical interface, apply All UP correctly. But after reboot, DHCP stays DOWN, so L2TP DOWN. Any ideas?
  • Kill switch

    7
    0 Votes
    7 Posts
    985 Views
    I did it with a LAN rule to reject all connections for that station with the WAN gateway. Yes, this would accomplish the same goal. For some reason using tag is not working. You actually don't need to use tag. Just make sure you are allowing the VPS group to have access to internal resources in case you need, and insert this rule above the reject rule.
  • Auto Configuration Backup & Restore

    1
    0 Votes
    1 Posts
    312 Views
    No one has replied
  • About using https and SSL for IoTs

    1
    0 Votes
    1 Posts
    222 Views
    No one has replied
  • Second LAN not working

    11
    0 Votes
    11 Posts
    1k Views
    Wow, apparently Netgate login-gates images. For logged-out users, here's what firewall rule you've got to create (I recommend clicking the "Copy" icon on the existing rule on the LAN tab):
    Action: Pass
    Interface: OPT1
    Address Family: Any (IPv4+IPv6)
    Protocol: Any
    Source: OPT1 net [this is what I'd forgotten to set]
    Destination: any
    Description: Default allow LAN to any rule
  • Log analysis tools

    3
    0 Votes
    3 Posts
    608 Views
    @akegec Thanks for your recommendation. IBM's QRadar looks very promising, I tried the Community Edition (OVA file) on a temporary VM and it seems to have a lot more features than my expectations!! I am in the process of creating a dedicated machine that can run QRadar and have logs from all machines including IoTs forwarded to this machine. Thanks for pointing me in the right direction.
  • Can pfSense 2.4.5 import a config backup from 2.5.1?

    Moved 2.5.1 2.4.5
    6
    0 Votes
    6 Posts
    1k Views
    @rnmixon Ugh! After restoring the new config everything is working except for one situation: We have a virtual IP with two rules that pass port 80/443 to the IP (IP#1) of an internal web server. We also have a number of NAT rules that override the destination for some ports (90x2, 90x3, 90x4, ...) on that virtual IP, routing to different IPs (IP#2, IP#3, IP#4, ...) on the LAN. NONE of the NAT rules appear to be working, the firewall log shows traffic being blocked on (for example) port 90x2 as it tries to route to IP#1 instead of following the NAT rule to IP#2. This all worked on our original config when we were running pfSense 2.4.5 and also when it was upgraded to version 2.5.1 (though failover was now broken). I'm guessing when I merged in the changes from 2.5.1 config file into my old 2.4.5 config file I must have muffed something, however not sure what - the syntax of the changes all looked to be the same as the 2.4.5 syntax. Any ideas from anyone before I restore to the old config that's six weeks old and lose all my changes? Thanks much - Richard
  • Unable to Delete User Certificate

    9
    0 Votes
    9 Posts
    1k Views
    arrmo
    @johnpoz Yep, makes sense, and works. Appreciate the pointers! I need to now test here, confirm that I don't need a cert to be assigned to a user - for it to work with OpenVPN. But that's just for me to understand. Thanks again.
  • Wrong RAM size

    4
    0 Votes
    4 Posts
    751 Views
    Found a solution: it's not enough to change memory size for the pfSense VM under the "General" tab in XCP-NG. Under "Advanced" tab there are "Memory limits (min/max)" that should be set accordingly.
  • PPPOE - Fibre issues

    pppoe
    2
    0 Votes
    2 Posts
    866 Views
    DaddyGo
    @enwod said in PPPOE - Fibre issues: MAC address for my pfSense router their end. Hi, What HW are you using? I need the first 3 segments of the MAC. BTW: I encountered this problem, which is due to the strict MAC filtering of the service provider (ISPs), so use a "spoofed", well-known manufacturer's MAC address block: Intel, Cisco, Supermicro, etc.
  • pfSense blocking addic7ed, but how ?

    24
    0 Votes
    24 Posts
    3k Views
    KOM
    @chudak Well there you go.
  • Cable Modem and Preventing RFC1918 Traffic from Exiting a WAN Interface

    2
    0 Votes
    2 Posts
    256 Views
    There is a thread ongoing with this discussion here: Block Private Networks From Leaving PFSense. Please close this post or delete it.
  • Is it possible to downgrade from 2.5.1 to 2.5.0 or even 2.4.x?

    4
    0 Votes
    4 Posts
    1k Views
    @vjizzle Thanks! Regretfully, I did not keep my config from previous versions. I'll know to do that going forward!
  • What is IP 169.254.178.43 ?

    17
    0 Votes
    17 Posts
    2k Views
    @chudak said in What is IP 169.254.178.43 ?: emails from pfsense It's an email? That implies something in pfSense is triggering an alert that is sending you a notification email. What is in the logs at that time? By itself the text shown seems rather meaningless...as noted an APIPA address is self-assigned by default when DHCP isn't functioning. But then why would pfSense even know about the IP in a subnet that's not its own? And what is the alert that is triggering...there is no alert or error as written? What is the email subject? re: Private Address, that is for creating a unique MAC address not IP address.
  • error(s) loading the rules... what is this?!

    5
    0 Votes
    5 Posts
    603 Views
    @stephenw10 I just had this exact same issue and registered here to say thank you. This solved my problem.
  • Anti-virus / anti-malware without proxy

    8
    0 Votes
    8 Posts
    2k Views
    The mail server (Exchange 2019) is behind pfSense. The way it's set up, my MX is pointing at DuoCircle (primary scanning and queue in case of server failure), then it sends it to my Exchange server. If I enable pfBlocker, DuoCircle gives me connection refused (network error) on numerous emails. The odd part is... the same IP on the pfBlocker will show as pass or fail. I do not use DNSBL, just IP. In my pf logs, when I do add that IP to my pass list, the emails coming from that IP flow through. Problem is... there's a sh**** load of them.... I know.... gotta do it
  • Logging to loghost

    5
    0 Votes
    5 Posts
    619 Views
    bmeeks
    @balanga said in Logging to loghost: @bmeeks said in Logging to loghost: Yes, you can configure a remote syslog server on the system logging tab. Here is a link to the official documentation: https://docs.netgate.com/pfsense/en/latest/monitoring/logs/remote.html describing how to configure this. I don't see a system logging tab. The docs mention: The Remote Logging options under Status > System Logs on the Settings tab allow syslog to copy log entries to a remote server. I don't have a System Logs entry under Status. I'm using 2.4.5_1 You should see exactly the same screens as user @Gertjan posted earlier. This basic menu and screen layout has not changed for several pfSense versions.
  • 0 Votes
    1 Posts
    298 Views
    No one has replied
  • 0 Votes
    32 Posts
    5k Views
    @wmheath586 you might also want to drill down further to the MAC address tables in your router. If you are using a managed switch you should be able to telnet into your router and inspect the MAC address table. This would be relevant if you are running multiple VMs and have left the MAC addresses at their defaults.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.