• PFSense Shell Command Line

    2
    0 Votes
    2 Posts
    15k Views
    GertjanG

    No.

    The pfSense shell :

    pfSense - Netgate Device ID: 20cc46dfabc85c78e087

    *** Welcome to pfSense 2.4.4-RELEASE-p1 (amd64) on pfsense ***

     0) Logout (SSH only)                  9) pfTop
     1) Assign Interfaces                 10) Filter Logs
     2) Set interface(s) IP address       11) Restart webConfigurator
     3) Reset webConfigurator password    12) PHP shell + pfSense tools
     4) Reset to factory defaults         13) Update from console
     5) Reboot system                     14) Disable Secure Shell (sshd)
     6) Halt system                       15) Restore recent configuration
     7) Ping host                         16) Restart PHP-FPM
     8) Shell

    Option 8 - is a classic shell.
    Cisco uses IOS commands, pfSense has a GUI.
    With the Cisco GUI (if it has one) you couldn't do all the things you can do with the IOS commands.
    pfSense : the other way around.

    "Option 8" exists to see the OS file system and to interact with, start some basic or complex "FreeBSD" commands and yes, there are even some less known (and rarely used) made-by-pfSense scripts files.

    You can't manage pfSense purely from the command line.

    See also threads like https://forum.netgate.com/topic/125603/cisco-vs-pfsense/9 (and Google can tell you more, as usual)

  • VIMAGE on pfsense

    1
    0 Votes
    1 Posts
    269 Views
    No one has replied
  • online LDAP server problem

    4
    0 Votes
    4 Posts
    695 Views
    F

    @mr-newbie Thanks for your reply. I'm trying to set up user management/privileges in which our users can log in with their LDAP credentials (username and password). I want to know why on "system usermanager>settings>test" all are OK but via Diag>authentication, authentication failed. Please can you test "ldap.forumsys.com", or do you know any online LDAP server to test on? (You can see my LDAP server config attached.)
    Thanks

  • Scheduled Reboot

    Locked
    7
    0 Votes
    7 Posts
    6k Views
    DerelictD

    /etc/rc.reboot like he said.

    Locking this ancient thread.

  • Boot halts on #

    7
    0 Votes
    7 Posts
    832 Views
    jimpJ

    fsck requires read-only mode because it operates on the filesystem metadata directly. A read-write filesystem could change in the middle of a fsck operation and break it worse.

  • How do I find this device?

    10
    0 Votes
    10 Posts
    1k Views
    gregeehG

    @bmeeks said in How do I find this device?:

    @gregeeh if you do not want this traffic filling up your logs, create a rule near the top on your LAN interface that has any as the source, UDP as the protocol, ff02::1 as the destination address and 10001 as the destination port. Set the rule to drop but not log.

    Right now that traffic is hitting the firewall's default deny rule and that rule is logging the dropped packet. By inserting your own rule up higher in the chain, the packet is "handled" by your rules and thus never gets to the default deny rule (which is at the bottom of the rule chain).

    Most helpful. Thank you.

  • Share WAN connection

    14
    0 Votes
    14 Posts
    2k Views
    S

    @johnpoz said in Share WAN connection:

    You do understand the pfsense can be a sip proxy right..

    Good point. I have installed siproxd, set outbound to WAN and inbound to LAN2. Everything else was left default. After reloading states FB6490 can register to the SIP registrar on FB6490(UM) BUT at the same time now FB7390 cannot register anymore to FB6490(UM). What does this mean?

    @chpalmer said in Share WAN connection:

    His cable company is his phone company from what I'm getting..

    You got it right. And because the device is the property of the provider and also configured by the provider I am very limited.

  • SSO PFSENSE ?

    1
    0 Votes
    1 Posts
    284 Views
    No one has replied
  • Sudden drop in throughput (900/900 on modem vs 30/100 on pfSense)

    15
    0 Votes
    15 Posts
    1k Views
    X

    ATT offers 2 other shi, I mean amazing boxes, I'm on the phone with them now getting one sent out.

  • Solved: SNORT[#####] grock'd

    1
    0 Votes
    1 Posts
    378 Views
    No one has replied
  • Security implications of installing netdata (or other monitoring tools)

    3
    0 Votes
    3 Posts
    1k Views
    L

    As far as I can see, it seems to be self contained :

    https://docs.netdata.cloud/installer/#pfsense

    extract :

    Note first three packages are downloaded from the pfSense repository for maintaining compatibility with pfSense, Netdata is downloaded from the FreeBSD repository.

    pkg install pkgconf
    pkg install bash
    pkg install e2fsprogs-libuuid
    pkg add http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/netdata-1.11.0.txz

    the netdata package does not seem to add extra dependencies unless I'm looking wrong

    but something like netdata (also like ntopng) is designed to run 24/7

    I'm running it on a test pfsense in an isolated network, for now the test setup seems to run

  • General Config Question

    4
    0 Votes
    4 Posts
    457 Views
    R

    Thanks for the help. I just added the LAN nic to the same local network to get things configured.

  • Problem loading netdata

    3
    0 Votes
    3 Posts
    560 Views
    L

    @stevelambert
    Try to change the binding in /usr/local/etc/netdata/netdata.conf

    change
    bind to = 127.0.0.1

    to
    bind to = *

    restart netdata :
    service netdata stop
    service netdata onestart

  • [SOLVED] Suddenly no internet connection for clients

    5
    0 Votes
    5 Posts
    2k Views
    stephenw10S

    Ah, that can do it if there are unpopulated tables in the ruleset. pf cannot load and hence there is no NAT.

    Steve

  • 0 Votes
    4 Posts
    747 Views
    stephenw10S

    Ok well if it comes back I'd check the other interfaces to see if it's ARPing there. It's not doing so there if you were pcapping on the actual interface in question.
    Also make sure you have all the hardware offloading options disabled.

    Steve

  • unable to install packages in pfsense

    3
    0 Votes
    3 Posts
    563 Views
    GertjanG

    Updating to latest :
    See forum "Installation and Upgrades" , you'll find examples how to proceed.
    If the GUI is ko, access the console. Option 13.

    See also https://www.netgate.com/blog/pfsense-2-4-4-release-p1-now-available.html and the very important https://www.netgate.com/blog/pfsense-2-4-4-release-now-available.html

  • Config BUG: Using Ramdiskconfig... make proxy config unskippable.

    2
    0 Votes
    2 Posts
    328 Views
    M

    Partial resolving:
    reapply the changes another time (saving) to record the modifications... it should work the second time.

    It was a WebGui config interpreter bug (maybe because by default the first active field is the proxy support one, and maybe the active field is tested as changed this way and needs to be valid to be registered). And so all modifications on misc options recall us "the password of support proxy info do not match..."

  • Complex Routing Question

    10
    0 Votes
    10 Posts
    1k Views
    stephenw10S

    Nice. I expected that to work but I could also easily imagine something unexpected getting in the way.

    Steve

  • Someone is trying to hack in my mail server what can I do?

    7
    0 Votes
    7 Posts
    1k Views
    S

    I take it the "3 emails a day" are being sent by your mail server software to alert you? If it is from random senders I would consider those phishing emails.

    Any mail server with ports open to the Internet is going to see a lot of attack attempts. If you have a lockout after 5 incorrect passwords they will likely give up and move on.

    Suricata or Snort can try to block those attempts, yes. They can be set up so if an alert is triggered the IP is blocked for the desired amount of time.

    Generally for in-office mail servers, we set our clients up with our spam filtering service, and in pfSense only allow connections on port 25 from the filtering service IPs. So the world cannot just connect to the mail server.

  • Issues with High Latency on PPPOE Reconnect

    52
    0 Votes
    52 Posts
    9k Views
    F

    I somehow had something wrong with the Interfaces that caused it to crash, reconnecting WAN and PPPOE fixed it.

    I will try with the problematic onboard NIC later, the new NIC which is a

    em3@pci0:2:0:0: class=0x020000 card=0x10838086 chip=0x10b98086 rev=0x06 hdr=0x00
        vendor     = 'Intel Corporation'
        device     = '82572EI Gigabit Ethernet Controller (Copper)'
        class      = network
        subclass   = ethernet

    works perfectly fine as well.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.