For most patches nothing further is required. However some of the recommended patches for 2.7.2 do so I would reboot after applying to be sure. When restarting or rebooting is required it's noted in the patch description.

Check Diag > System Activity or top -HaSP at the command line. What is using the CPU cycles when this happens?

@terryzb said in pfBlockerNG vulnerability?:

Is this a concern?

tl:dr: Nope. 😉

@dada00 Thanks for asking/posting this. This was exactly my situation as well. I had long forgotten that I had set a particular host as a test VPN server. I was racking my brain trying to figure out where the monitoring was happening.

@jamesonp You rock!

Thanks!

@Fandangos said in Is it possible to have a device from one interface to have an ip on another interface?:

no I set it up manually on the docker container.
So if an IP is not set up by DHCP it will not show up at DHCP leases. Makes sense.

Exactly. You can see the IP in Diagnostic > ARP table, however, after a communication with it for 20 minutes.

If your intention is to use its host name to access it add a host override to your local DNS.

When I'm doing a VLAN here, I have a smart managed switch that will tag the port connecting to PfSense and tag the ports I'm using to connect my devices to it.

No, the VLAN has to be terminated on Unraid and pfSense. If there is a VLAN-capable switch in between both ports need to tag the packets with the proper VLAN tag.

Isn't it possible to create virtual IP and NAT it somehow?

NAT = translate the IP from one L2 subnet into another one.
As I wrote in my very first setence, DLNA requires both, server and client to reside within the same L2.

Nice! Yeah there's a lot of ways to get that to fail! Sounds like you removed them all though. 😉

Sorry for the late reply.

For anyone interested in Minisforum releasing a bios fix for this issue, I'd recommend you email support@minisforum.com and voice your interest in this.

Hopefully they will not state a fix is not possible, but if they do, kindly point them to the following:
https://www.asrockind.com/en-gb/index.php?route=newsblog/faq&faq_id=91

This is a competitor's board with an AMI bios and the same i226-LM chip. I am not a bios expert by any means (it probably is not as simple as this sounds), but that link did seem to get them to consider the possibility.

@stephenw10 Yes.

php shell script probably easiest then.

https://docs.netgate.com/pfsense/en/latest/development/php-shell.html

Well it could be an alias in layer 2 rules perhaps... all the normal firewall and NAT rules would need to resolve a hostname or MAC to an IP dynamically.

Hi

I downloaded version 2.7.2 and reinstalled the system. Now it works.

Thanks

Nice! Still weird but..... 😉

@Bob-Dig

There is some info here:
IEEE 802.1Q

This shows an Ethernet frame both without and with VLANs. You can see where the tag goes. The size of the payload is what is determined by the MTU.

If you run Wireshark you can examine the frames and see the VLAN tags and more.

@ciscokid

Sorry, yes, you're right.
You have to click with the mouse, or tap on my phrase, as it is a link to another forum post where you are told what to do.
You have to create (copy and paste actually) a file.
You have to install the pfSense 'cron' package.
Etc.

Screenshot 2024-08-07 at 15.53.57.png

No worries. I don't think anyone would argue that pfSense would benefit from built-in MFA. Unfortunately developer time is limited.

@viragomann @stephenw10

I appreciate you folk working with me on this thread. I think i ironed out all the issues and/or misunderstandings i was having here.

Appreciate yall !

Same symptoms? No outbound state at all?

Aha, nice!

Yup IPSec in policy mode can grab traffic and make it disappear like that.