• No jail support in 2.4

    0 Votes
    26 Posts
    4k Views

    I dug around some old mailing lists. The warning pertains to cases where a person has a normal account on the host, and root access in a jail. He can then suid a binary, e.g. vi, and use that suid executable on the host.
    If you were to have this edge case, the problem is easy to fix: just chmod 0700 your jail dir on the host.
    SHM was also mentioned but, as I stated, it's disabled by default.

  • pfsense 2.4.3

    0 Votes
    4 Posts
    509 Views
    stephenw10

    Yes, you should update to 2.4.4p2 when you can. Be aware that is quite a significant upgrade however:
    https://www.netgate.com/blog/pfsense-2-4-4-release-now-available.html

    https://www.netgate.com/docs/pfsense/install/upgrade-guide.html

    Steve

  • Impact of Spectre and Meltdown on pfSense?

    0 Votes
    8 Posts
    2k Views
    stephenw10

    You would expect code in HEAD to be in the next release. That page was last updated in August though.

    FreeBSD 11.2 that pfSense 2.4.4 is built on includes those patches:
    https://www.freebsd.org/security/advisories/FreeBSD-SA-18:03.speculative_execution.asc

    Steve

  • [solved] pfsense.org missing 2.4.4-p2 download

    0 Votes
    7 Posts
    1k Views

    @mike69 said in pfsense.org missing 2.4.4-p2 download:

    Paste [solved] at the beginning of your title in the first post.

    Thank you

    Sorry for my English.

    Not a problem!

  • block clients from entering internet but with easy way to unblock

    0 Votes
    3 Posts
    476 Views
    leobozzi

    Hi, Captive Portal is an option.

    Check the official docs about it:

    https://www.netgate.com/docs/pfsense/captiveportal/captive-portal.html

  • PfSense & VMWare ESXi VLAN integration

    0 Votes
    11 Posts
    5k Views

    My setup is (I tried with traditional separate switchgroups first - same result):

    Basically a Distributed-Switch over the two hosts with 2 Port-groups
    (one Trunk VLAN (all) and one VLAN tagged with 100)

    pfsense connected to Trunk VLAN - and created VLAN inside pfsense with 100 tag

    then VM uses the VLAN portgroup (that is tagged to 100)

    works like a charm, DHCP, internet etc. - when I am on the same Host.

    but when the VM is on the other host, nothing works, no DHCP, even if I set a static IP to what I have selected - I cannot even ping the gateway.

    I have moved both pfsense and VMs back and forth to exclude that there is a specific issue with one of the hosts.

    I guess there is something in the underlying network that is the problem. According to the vendor (I am colocated), this network (that my distributed switch is using for uplinks thru one card per host) is a PRIVATE VLAN allowing 0-4095, so I assumed it would work... this is really out of my competence zone :)

    However I don't see how this can happen within the DSwitch in ESXi (that should be distributed over the hosts)

  • Issue with a block of 16 IPv4 addresses

    0 Votes
    54 Posts
    9k Views
    JKnott

    @landman16 said in Issue with a block of 16 IPv4 addresses:

    ISP is asking if this is the upstream gateway of Zen or some IP within my public subnet.

    Sounds like your ISP needs some tech support that's not clueless. When configuring a router, it's the ISP's gateway. With computers, it's your own, in this case pfSense.

  • How to connect from command line interface l2tp

    0 Votes
    2 Posts
    190 Views

    This is the solution:
    https://forum.netgate.com/topic/40344/how-to-bring-interface-up-from-pfsense-commandline/5

  • Export certificate automatically (Let's Encrypt).

    0 Votes
    2 Posts
    1k Views
    jimp

    On the General Settings tab of the ACME package, check the Write Certificates box, which drops the cert files in /conf/acme/ and from there you can have scripts pick them up and deliver them where you want.

  • Is it possible to block the access by phone brand?

    0 Votes
    6 Posts
    646 Views
    stephenw10

    No real way to do this at the firewall usefully I would say.

    Might try just allowing only MACs you've added. Or maybe 802.1x at your access points.

    Maybe if you have signatures and the phones in question are calling home you can detect and block them in Snort.

    Steve

  • WAN Ports Down but ISP routers Up.

    0 Votes
    10 Posts
    1k Views
    stephenw10

    Hmm, unusual failure in those cards. Assuming it's a genuine one.

    Nice catch though.

    Steve

  • Has ufs_dirbad Boot Loop Been Fixed?

    Locked
    0 Votes
    16 Posts
    2k Views
    jimp

    @maximusatov said in Has ufs_dirbad Boot Loop Been Fixed?:

    Guys, please don't suggest UPS or other means to stabilize power. Let's assume by default that the power is unstable.

    A UPS is the answer. Full stop. If you have unstable power, use a UPS. You can get dirt cheap UPS units that would cover a firewall for a significant amount of time. Coupled with a package like apcupsd or nut that can trigger a clean shutdown, it's a perfect solution.

    Moving the goalposts isn't going to get you a better solution here.

    ZFS helps, since it's a bit more resilient but even that isn't perfect. RAM disks do help but again, not perfect. NanoBSD is no different than using RAM disks. It had not been set read only in years.

    Locking this since it's just going in circles.

  • PPPoE randomly disconnecting

    0 Votes
    2 Posts
    1k Views

    This seems connected to this issue:
    https://forum.netgate.com/topic/114786/pppoe-disconnects-requiring-reboot/2

  • Shaw 300 issue with Arris XB6 modem - severe intermittent WAN slowdowns

    0 Votes
    9 Posts
    3k Views

    It is working better than ever after the MoCA filter and swapping to the Technicolor XB6. Not sure which one fixed it because I did both at the same time, but I am not concerned anymore.

  • Pfsense getting too many notifications due to some error

    0 Votes
    3 Posts
    305 Views

    Oh, I never that. I thought it will update itself. BUT THANK YOU!

  • Pfsense with 3 NICS

    0 Votes
    75 Posts
    18k Views
    Dudleydogg

    @bryan-paradis This is funny, and I know this is an old topic, but some time ago I added a 5th NIC to my pfSense and it never worked. I added VMX and that did not work either. Today I tried again multiple times to no avail and started over like 3 times. Then I decided to enable track interface and I got IPv6 and it worked: I could ping and tracert everything. For the first time my 5th network card was operational, just not on IPv4. I am trying to set up a VLAN for wifi in another location in the building. Well, I followed your suggestion above, even though the path was a little wrong, but I fixed the rule that was not auto-created for some reason. Now I have the extra VLAN and the 5th network card working in a virtualized pfSense.

  • Rules scheduler

    0 Votes
    5 Posts
    585 Views

    @nogbadthebad
    So, in case I will re-open the next year 😂
    Thanks

  • Best ransomware detection application

    0 Votes
    18 Posts
    4k Views

    @bobkoure
    Thanks for the suggestions....the problem is always have the best at the cheaper price.
    I will for sure take a look at Amazon glacier!

  • lost connection

    0 Votes
    2 Posts
    214 Views
    stephenw10

    Yes, probably.

    It's possible to set up Limiters for dynamic bandwidth sharing.

    Steve

  • Disable 514 for internal syslog server

    0 Votes
    9 Posts
    2k Views
    stephenw10

    That seems like you're trying to export the pfSense logs..... which is completely different to the issue here. Please start a new thread.

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.