@VioletDragon said in pfSense Auto Backup: Do you know if this will backup configs for like pfBlockerng, Snort etc? You've missed somehow what pfSense is. Ok, its a firewall router. Like many out there, With tonnes of extras. The main difference with other firewalls is that is is for 99,9 % Web interface driven, and it has just one (1) config file. This file contains everything. Just read it : export it and open it in a text editor. You'll get the picture quickly.

No worries, glad you were able to get back up and running.

@CatSpecial202 there is another thread going over this topic actually.. 587 is explicit use of tls, ie it would make a non secure connection and then use starttls to to convert to an encrypted session. While port 465 is implicit connection only, so no that checkbox would prob not work on port 587 here is the thread where that is being discussed, kind of as a side topic https://forum.netgate.com/topic/190885/empty-message-id-in-smtp-test-email

@stephenw10 Thank you so much

@Gertjan Thank you, This helps!

Yup, check for watchdog errors from the realtek driver. If you see any you definitely need the alternative driver.

For reference when coming from 2.7.0 you almost always need to run certctl rehash in order to see the update. That's fixed in 2.7.1 but it appears you may not actually have been on that.

Apologies for my late reply! The IP does change from time to time, but usually over a long period (a few months). I've received such notices from the ISP for many months too, though I'm not sure if it was the same or not when they first started emailing me. That said, I never thought someone else having the IP before could have caused it. It's the only plausible explanation that I've come across and could well explain it. I did think to contact my ISP, but they're totally useless at the best of times. Will be switching to another provider within a couple of weeks, so will see if it continues after that. Also, just a thank you to everyone who offered help

No, it is because my streamer is not from an official Spotify Connect authorized vendor. Instead, they use the open-source Librespot client library, which can be flakey depending on its implementation.

@johnpoz I will report and check out logs...also on my Mac, for now, interface acts stable... I dont do on my Mac Torrents downloading or magnet or stuff in the DarkWeb...mostly using just email and webservices and online tv on my Mac. But who knows, I often see in pfblocker up to 500 attacks per hour...on WAN Interface, my Gateway is Mullvad VPN over WireGuard, which nearly never gets attacked. But sure, that hasnt do to with my Mac Interface went down and up randomly, Thank you

@johnpoz Sounds complicated, I'm very new to pfsense so a lot of my work on it have been guided by videos and how to guides, I have not longed started with pfsense and I am still getting used to it.

@Rookiesense Well in that case you have no option but to keep the ISP modem. But you should look for an option called "bridge mode" (or perhaps "pass thru" mode). In that mode, you should get a different IP on pfsense WAN. The same you would see if you go to whatsmyip.com = your public IP. If not, you have to live with a double NAT situation, but then the DMZ is your best bet. In the ISP modem, make sure you give pfsense a static IP, does not matter which. Then in the DMZ setting, you enter that IP. This way all ports are open towards pfsense. Then you turn the wireless router into an access point and connect one of it's LAN ports to the pfsense LAN (your home network). All you have to do to make it into an AP is typically just log in and turn off DHCP. Important not to use the WAN port on this router. So connections go: ISP Modem -> pfsense -> any swithe(s) -> Wireless AP (router)

Yeah it should never reach that size. It's probably unable to rotate them because of the compression time taking longer than the rotation time. I would clear the log files and disable compression. Or increase the log size and reduce the amount logging so they aren't rotating as often.

Check the system logs at the time it starts. But otherwise, yes, try to check it while it happening.

@tomashk Thanks for this, on my pfsense 2.7.2 I used this commands on CLI zfs set sync=disabled pfSense System -> Advanced -> System Tunables - set vfs.zfs.txg.timeout to 180 dropped from 28% IO delay to 5 % [image: 1731049158212-26dfeae6-4122-40bc-a1d3-2ad978396090-image.png]

You could also try adding a host override for acb.netgate.com as a test. I wouldn't leave it like that because the IP might change at some point in the future. But it's been the same until now!

@Bambos your switch needs to support that. If you just have dumb switch its not going to work. Pretty much any 40$ smart switch turn off a port not in use. But to do something like port security that is just mac based, or using 802.1x you need a slightly better switch. If your goal is locking down your physical access, you need a switch that provides some methods to do that. Not providing IP sure isn't going to stop them from scanning other devices once they have a physical connection.

@georgelza said in pfSense not enabling port: @Gblenn Yes... the VM is started via the data centre and that won't allow you to start it twice. You will need to clone it and give it new name and IP. I'd prefer to have the VM Images on local mirror via Ceph, gives me speed and Ceph will make sure there is a copy on another node. Would like someone else to chirp in here... confirm this works with Proxmox. know other Hypervisors allow this. G Yes that is my understanding as well, although I have not tried it. And I totally agree that using the local nvme's will give you way more speed. I still suggest creating a PBS VM (Proxmox Backup Server) and perhaps map e.g. a disk on your TrueNAS for that. I've had a few instanses where I have wanted to "go back in time" and restore something from a few weeks back even. Typically because I messed up and didn't realize it until some time later. other than the official proxmox forum which does not seem to have much activity, anyone aware of a active/responsive proxmox community... otherwise wondering if we can get the admin's here to create a proxmox section ;) There is a virtualization section already, with plenty Proxmox activity... https://forum.netgate.com/category/33/virtualization

@Gertjan i can see only 3 pushover threats , and about 40 telegram threads. I see the probability to have success with pushover very slight. so i will check out telegram.