• Connecting to VLAN devices

    0 Votes
    17 Posts
    2k Views
    johnpoz

    Setup vlan 60 firewall rules to use your vpn gateway..

  • Pfsense + snort + barnyard2

    0 Votes
    2 Posts
    824 Views
    bmeeks

    @thsalex
    What do you mean by the term "lock"? There is no "lock" with regards to either package. There are blocks, but those are implemented by placing the offending IP addresses in the pf (packet filter) firewall's snort2c table. This is a table that is created by the core pfSense code during initialization of the firewall. Any IP addresses placed into that table are blocked via a built-in firewall rule that references the snort2c table. The table can be cleared manually, automatically by a cron job, or by rebooting the firewall.

  • pfSense on consumer routers

    0 Votes
    2 Posts
    454 Views
    jimp

    Most of those have so little RAM/CPU/etc that they could not effectively run pfSense. And most of them are not 64-bit x86 hardware, but various ARM platforms for example.

  • pfSense forensics

    0 Votes
    5 Posts
    4k Views
    H

    status-->system logs-->settings:

    Local Logging: [ ] Disable writing log files to the local disk

  • Add second ip v4 range to LAN port

    0 Votes
    8 Posts
    653 Views
    lifeboy

    Someone here pointed out to me that one can add an "IP Alias" under virtual ip's, which does exactly what I want.

  • Permit user Internet connections through pfsense Rules or SQUID

    0 Votes
    3 Posts
    280 Views
    L

    Hello,
    I would like to inform you that my problem was resolved. What was missing is adding the subnet of PC to the allowed subnets in SQUID Proxy Server.
    Thank you.

  • Block personal gmail but allow corporate gmail

    0 Votes
    2 Posts
    360 Views
    johnpoz

    Your corp account uses the same domain to login? You can create a custom url for your mail... Then just block the normal url.

  • Pfsense 2.5

    0 Votes
    3 Posts
    2k Views
    jimp

    Too early to say. Probably a long time, we are finishing up 2.4.4-RELEASE right now, and haven't formally started on 2.5 in any way. It likely isn't going to be next after 2.4.4 either.

  • pcap file cleanup killing my WAN

    0 Votes
    4 Posts
    394 Views
    Z

    Ugh yeah, I know Realtek is crap. It worked for years up until recently though, it's like the latest BSD pfsense kernel driver just sucks exceptionally worse for Realtek. This card is pushing a crapload of traffic though because I have an NTP node running behind it. LAN side is running LACP on a dual port Intel with no issues.

    I do have a free port on the motherboard though, I may find another cheap Intel card off ebay and be done with it.

  • Best Low-cost hardware for pfSense

    0 Votes
    7 Posts
    2k Views
    JKnott

    @mrpeterson

    Yes, it's a small case business class desktop computer. However, I bought it a few years ago and found it in a store flyer. I don't have a link for it. Regardless, it doesn't have that encryption support I mentioned, so I will have to replace it in the not too distant future.

  • 0 Votes
    21 Posts
    2k Views
    M

    @tim-mcmanus

    Couldn't agree more. At its core Tor is just a couple of proxies; a couple of ISP's to "strong-arm" and they've got you.

    I'm attempting to implement some security practices that make it a lot harder. More specifically 2 end-to-end encryption tunnels (via 2 different "reputable" VPNs and hopefully one of the Raspberry Pi devices that turn a Tor connection into a network connection), essentially meaning that I will have 8 hops rather than 3.

    The data itself is rarely ever sensitive in nature.

  • Query pfSense user expiration date on command line?

    0 Votes
    2 Posts
    519 Views
    jimp

    There is no command that will query the local database users in that way, you'd have to write your own script.

    You could use the changepassword script as a starting point. It is in /etc/phpshellsessions/ and you run it from ssh or console shell with pfSsh.php playback changepassword for example.

  • Tune an Atom D525 router for gigabit fiber?

    0 Votes
    3 Posts
    1k Views
    C

    About what I figured. Thanks for the excuse to buy a new box! 😃

  • Akamai blocking pfsense traffic "Access Denied"

    0 Votes
    9 Posts
    1k Views
    johnpoz

    Good to hear - yeah pfsense doesn't do anything with the traffic other than nat it.. Unless you were using proxy software pfsense doesn't modify anything..

    When you get a new IP from your ISP you never know what the guy that had it before was doing ;)

  • High memory usage

    0 Votes
    1 Posts
    257 Views
    No one has replied
  • Pfsense server Suddenly stop Responding from PC over wifi or LAN

    0 Votes
    2 Posts
    366 Views
    stephenw10

    Are clients able to pull a DHCP lease from pfSense on the LAN or Wifi?

    Do they appear in the pfSense DHCP status page?

    If you are unable to ping the pfSense LAN interface by IP then you have a fundamental issue. Try running a packet capture on LAN to see if those pings are even arriving.

    The description of the issue here could easily be a rogue DHCP server on your network.

    Steve

  • No SSH access

    0 Votes
    7 Posts
    928 Views
    P

    Thanks

  • [SOLVED] I need two LAN interface on my LAN net

    0 Votes
    4 Posts
    674 Views
    _neok_

    @jimp Yeah, you're right. Thank you very much.

    Have a nice day,

    Gabriel

  • Can't access networks from LAN to OPT1

    0 Votes
    11 Posts
    1k Views
    johnpoz

    Many an accesspoint/wifirouter will not allow remote admin. When you're not from the local network you would be "remote" so you would have to enable remote admin.

    What is the make and model of this AP?

  • Cron jobs not running

    0 Votes
    4 Posts
    2k Views
    S

    I finally got the above scripts running as shell scripts, then using cron to call the script itself. So easy and so basic, it's embarrassing to be posting it to such a learned forum, especially after all these years. :)

    The main motivation to finally learn how to script this came via adapting scripts to automate ACME's Let's Encrypt SSL certs into my UniFi controller, which I have running on my pfSense box (https://community.ubnt.com/t5/UniFi-Wireless/Unifi-Cloud-key-certificate-installation/m-p/2437833#M312944)

    Anyway, the basic script to automate adblock hosts file updates is:

    #!/bin/sh
    # Download the hosts list to a temporary file and swap it in only if it is non-empty.
    FILE="/etc/adblock"
    /usr/bin/fetch -q -o ${FILE}.new http://winhelp2002.mvps.org/hosts.txt &&
    if [ -s ${FILE}.new ]; then
        # Keep the previous list as .old until the new one is in place and DNS has reloaded.
        if [ -f ${FILE} ]; then /bin/mv ${FILE} ${FILE}.old; fi &&
        /bin/mv ${FILE}.new ${FILE} &&
        /usr/local/sbin/pfSctl -c "service reload dns" &&
        if [ -f ${FILE}.old ]; then /bin/rm -f ${FILE}.old; fi
    fi

    Obviously the file name (FILE) and download source can be easily varied according to need. Simply make the script executable (chmod +x) and then point cron to run it whenever you want.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.