@stephenw10
I need to go on a dang course :) :)

I am great with Virt and Linux and MS - but I suck at firewalls :)

Thanks mate :)

@stephenw10 Great. Thank you. I'll have a play with that and see if I can up the frequency of renewals.

Thanks
Andrew

nice information

@markdudov

Release WAN : shuts down the DHCP client on WAN? and takes down the WAN interface.
Relinquish : also destroys the information about the current lease, so the next time WAN gets activated and DHCP client start, it will ask for a lease, and it will not ask for a preferred IP address, the one it had last time. The DCHP server can override the preferred request, and still assign another one.

When you "Relinquish", the next time the DCP client starts, it will as for any available IP without preferences.

Just my 'MHO' of course.

@stephenw10 Ok I do apologize.

I was using a switchport in a vlan without DHCP.

My bad.

That worked! Thank you very much, Steve!

@stephenw10 @dennypage
OK!

I did as you said. It worked well. After re-enabling the interface I managed to eliminate the "cancellare" alias that was in a rule of this interface, thanks

Hi,

thank you very much. I tried and accessed via SSH. And yes the CPU load there is about 5%.
I did not expect that the GUI consumes that much but good to know - Thank you very much for the information

Have a good day

S

@4eanlss Okay, so, after looking at the boot log I've found that there are a number of core-dumps on pkg-static. Looks like install from fresh image is in order.

Yeah you need to policy route traffic over the GRE tunnel otherwise it will jst use the default gateway which is probably the WAN.

If ICMP and UDP work but TCP fails you probably have an asymmetric route in there somewhere.

You only need 1:1 NAT at the remote end. You don't need the port forwards. The outbound NAT rules you have there are wrong and not doing anything anyway. But you don't need those either.

You didn't show it but I assume you have a static route at the remote side for the local NEW_LAN subvnet via the GRE tunnel.

Yup more info needed. What hardware is that? How are those WAN NICs connected?

@stephenw10 Oki))

@stephenw10 Oki)))

Yup, that^. Restoring a config is easy compared with trying to create a mirror after install.

@stephenw10 Thanks much!!

@stephenw10 That's neat! Thanks for the information 👍

Hello Steve,

Thank you for replying.
In fact, we were listening to IPv4+IPv6 in bind.
I just changed that parameter to listen only on IPv4.

Waiting to see if this happens again.

Thanks a lot.
Birama

Hi,
I was looking for the same thing and found that there is a "/etc/pfSense-rc.shutdown" script. At the bottom it runs all executable scripts in "/usr/local/etc/rc.d/shutdown.*.sh". So I'm guessing that creating such a script will achieve what we are both looking for. The catch now would be to guarantee that the creation of such a script will survive an update. I would guess yes. What it won't survive is a reinstall.

The filer package addon can be used to create this script and also sync it in a ha cluster.

Mmm, latency like that can really only be traffic shaping in pfSense, if it was something in pfSense.

Some cable modems are known to behave like that though.

That doesn't appear to be a specific exploit/vulnerability so it's difficult to assess.

The usual precautions apply though; don't open services on your firewall to the internet.