Rebooted a few times and now the error is gone but it's gotten really slow to almost not workable anymore, the router still works, however the webpages are have gotten really slow to the point where they don't load anymore.

All known XSS issues have been fixed. If you have found what you believe to be a new or otherwise uncorrected XSS, please follow the procedure at https://www.pfsense.org/security/ and report it privately.

I just figured out, in my case, that I could just call my script like this and shellcmd launches it and continues as normal

daemon -f python2.7 /path/to/script/service.py

@emammadov

@emammadov said in Updating to 2.4.4 version is safe now?:

@luisrafael I don't click update. I try to test it in fresh installed 2.4.4 version and restore config.xml. You think this way is not safe too?

If you have a fresh installation 2.4.4 maybe you don't have problem with the packages.

I update 2.4.3 to 2.4.4 ... and squid package didn't work. Now i update freeradius3 and i have the "some" package not work.

Is it stable for me ?

thanks

OK, I opened https://redmine.pfsense.org/issues/8993 to track it and committed a fix. As long as you have at least one rule in there on an interface it should be OK. You're lucky the anti-lockout rule was there to prevent you from being shut out of the GUI.

It's not a situation most people would find themselves in, but it's worth fixing since it's a one-line correction.

Maybe not.

https://forum.netgate.com/topic/109030/upload-a-dhcp-static-mappings-table-to-a-pfsense-device

I'm not aware of a limit there but I've never tried to add more than a few.

What exactly are you trying to do?

What error are you seeing?

Steve

I realise its old but a lot of people seem to be landing here and viewing. I manged to solve this by using the earlyshellcmd and adding it to the pfsense config file eg (you might be able to do multiple earlyshellcmds of run a script but i wanted it simple, and wasnt going to assume the path was setup)

[2.4.4-RELEASE][kraduk@pfSense.localdomain]/home/cscott: head -6 /cf/conf/config.xml <?xml version="1.0"?> <pfsense> <version>18.8</version> <lastchange></lastchange> <system> <earlyshellcmd>/sbin/ifconfig em3 name WAN;/sbin/ifconfig em2 name LAN; /sbin/ifconfig em1 name DMZ2;/sbin/ifconfig em0 name DMZ1; </earlyshellcmd>

Many thanks, Steve! Really appreciate your help.

Kind regards
Phill

Thanks for the hint. I don't think that after what I figured out today, Apple Home will be "my thing". Of course I could setup "something" in IoT VLAN which connects to Home and I can connect from iPhone in another VLAN, but if I didnt do it wrong, it always uses the internet to execute commands, means:
Iphone Home App --> Internet --> control server --> back home --> iPad --> IoT devices

I can clearly see a delay from pushing the button in Home App and when I sniff on the interfaces I can see outoing and incoming connections.

What I'm curious about, except some avahi/mdns/zeroconf stuff there is nothing I could do to keep it local when iPhone is on user WLAN/VLAN while hue bridge is still in IoT VLAN ? Thats where my network skills leave me alone.

You might also check FHEM if you didnt already.

You have to define groups and then use group ACLs. Create a group that can access any site and then simply don't apply those blocks target categories to it.
https://www.netgate.com/docs/pfsense/book/packages/a-brief-introduction-to-web-proxying-and-reporting-squid-squidguard-and-lightsquid.html?#access-lists-acls

Steve

Indeed I have something very similar to that but I cannot use that as a source address. Obviously, it's link-local.

I would not expect the OP to be using that as source for a pkg update though.

Steve

@rgc No I am Not running pfBlockerNG-devel, but I still can save output to .php file from diagnostic Crash reporter. I was told to post it here 1st. I guess to vet and prevent unnecessary or redudnat reporting from being posted to bug portal. Should I post the the bug report.php now? to th bug reporting portal?

What logs are you seeing without Snort and bandwidthd filling it?
I exepct to see more nginx errors in there.

Steve

@johnpoz said in Using PFSense as a router between two ESXI hosts - VLANS, routing help:

So I ran a USG p3 for a short time while I transitioned between pfsense on my OLD esxi box, it could not handle my then new 500/50 internet.. While the USG handled it without issue as long as didn't turn on IPS which disables the hardware offload.

As soon as the sg4860 I wanted back in stock and got it, the USG went on my self.. While I love the price point and that it can handle the 500/50 without much issue... It is no where close to the maturity and ease of use of pfsense..

If you have more interfaces then you for sure could do more with the networking on your esxi than that basic setup I posted.

Maybe something like the sg3100 (pair) of them would be something you could do if you really want HA.. Or the 5100s that are now shipping. I think that is a bit over the top for home setup myself. But since you have 2 esxi hosts and plenty of nics in them - you could for sure do it with the hardware you already have. Or if money not a problem - get yourself a couple of the new XG-7100-1U for your CARP setup ;)

Have Fun!! I predict your ER is not long for this world once you start playing with the power of pfsense ;)

Yea, I think my edgerouter days will be coming to a end in the very near future.
For now, maybe get a sg3100 with plans to do HA in the future (although reading on CARP, that sounds fun....not sure I could convince the wife on the xg-7100-1U :) ).

I forgot to mention, at some point i am going to be adding a storage piece for backups, nfs mounts for my ESXi. THinking that will add 2-4 more NIC's to my setup. SG3100 still be ok for that?

I didnt realze that the SG3100 had 5 NIC's outside the WAN interface.

I have the SG3100 (one for now) in my cart...ready to buy (just making sure right one for now and future stuff (storage)...ready to purchase!!!

Thanks everyone!
Now, a bit wiser, I know how to proceed.

Good to hear you found the problem.