Yes,you can use pfBlockerNG.

Gateway IP is automatically assigned when "dynamic" word is written. Go System>Routing New , choose OPT1 and put your gateway there. Or go to Interfaces>OPT1 and put your gateway. if that didn't work try to put static IP for OPT1 interface not DHCP

If you are using google chrome, just try different browser or update pfSense to the latest version 2.3.2_1 which is released yesterday. 2.3.2_1 Features & Changes Worked around a Chrome bug with regular expression parsing of escaped characters within character sets. Fixes "Please match the requested format" on recent Chrome versions.

The Virtualization forum is here. what should be the ip, what subnets and what rules. Use any other private network subnet.  192.168.2.1/24 for OPT1 interface.  Don't forget to add an Allow All rule since OPT interfaces do not get any firewall rules by default. How can debug this ? If two different clients on the same network behave differently then you need to look at the misbehaving client.  Local firewall on your OMV perhaps?

I don't know how to read the dump, but I did notice this, probably unrelated, bit of info being spammed arp: 10.0.61.230 moved from 84:2b:2b:47:df:7e to 84:2b:2b:47:df:7f on em1 arp: 10.0.61.42 moved from 00:1b:63:39:64:d5 to 00:1b:63:f1:ef:b3 on em1

Many thanks to all! Should have use a UPS lesson learned. recovery board ordered and it's on the way. Cheers

if Squidguard is not able to handle too many requests due to performance or settings issues Strange.  squidguard has no notion of child threads or anything since it's called on-demand by squid.  If squid doesn't have enough children, then processing should slow down but not just completely ignore the calls to squidguard to process the current URL. Regardless, this can be addressed by increasing the number of child threads in squid's Advanced Options - Integrations: url_rewrite_children 16 Bump it to a higher number if you have slow processing caused by lots of users.

It was not written by anyone involved with the project, and has generally poor quality overall. On top of that, it is now very, very out of date. Search around the forum you'll find some older discussions with not too many kind words about it.

If you only see "revert" then you already have the patch applied. 2.3.2-p1 includes the patch already, you do not need to do anything if you have updated.

I'd love to be able to slipstream my config into an install cd that runs on boot.

Cable modems… Rebooting the modem only doesn't help? Is your WAN interface configured for DHCP? Having it get 0.0.0.0 is different. It's usually something like 192.168.1.100. What does Status > Interfaces look like for WAN when it is failed? When it is working? The System and Gateways logs are other places I would start.

Looks that way. Register it (www.pfsense.org/activate) and open a ticket. Refer to this thread and RMA should be easy.

Ah, after ages of wondering what on earth is going on, checking settings over and over, it seemed the interface had been unselected. So em0 was no longer em0. How annoying is that! Anyway, online and all good.

I really don't get why you don't just vpn, its sure not overkill.  And allows you do other stuff other than just ssh in.  I can vpn in from my phone, my desk at work via a proxy.. Click I have the vpn connection. As I stated before if your going to allow ssh on the wan.  I would look it down to only the region of the world your going to be coming from, and yes turn off password auth.  If possible lock it down to your actual IPs or netblocks you will be coming from for remote admin.  This is quite easy if your admin your own remote sites from say hq or your house, etc. If you leave it open your going to not only get firewall noise of a hit, but log noise of them trying to log in even if you have just public key.  If you want to reduce that noise then change the port - but this might be a limit to where you can access it from if they are not allowing for your non standard port outbound. One of the nice things I like with openvpn is running it on 443 tcp which pretty much always open if there is internet access where your at.

sorry, but anyone could suggest complete list of yahoo ASNs…thx

those lines are exactly what I see whenever my system boots up but just continues to normal boot after that. I can now do a clean install of 2.3.2 CE version again. Thanks for the reply!

Any host needs a route to the networks it wants to reach outside its own subnet. The default gateway is the router the host will send traffic to that is not in its local interface subnets and for which it does not have a route in its local routing table. This is typically the interface address of the router on the host's subnet. Look at the diagram I link to below. The default gateway on Host A1 would be 172.25.232.1 The default gateway on Host A2 would be 192.168.1.1 etc.

In this L2TP/IPSEC setup, the firewall rules in the interface tab do not seem to apply because of the underlying "incoming" assumption. To log traffic from L2TP clients, I created a "pass all" FLOATING rule, interface L2TP/IPSEC, direction outgoing, all IPv4 protocols, TCP flags any, sloppy state. That should take  care of it, but TCP traffic is simply dropped. So I added a second rule specifically for TCP traffic. The rules are: Pass&Log            IPv4 *                  *            *            *            *            *            none                    Secret Rule Pass&Log            IPv4 TCP              *            *            *            *            *            none                    Redundant Secret Rule In summary: the IPSEC interface will only log the first packet of the L2TP exchange all the rules applying to L2TP clients seem to be enforced only in the out direction and must be enforced with a floating rule it is not possible to drop a specific interface from the logs using an explicit block all rule. If anybody can enlighten me, I would  be grateful. Regards,

Thanks, I wouldn't have thought to look there, although it makes sense now I know! However, I think I've found a bug in the GUI: I select to create a new interface of type L2TP, select the wan interface as the link interface and fill out the required fields, but even when they're all filed in I get the following errors at the top of the page: The following input errors were detected: The field Local IP address is required. The field Subnet is required. The field Remote IP address is required. and the connection is not created, this is frustrating as it would seem I'm very close to getting the tunnel configured. I think the same error has been reported here in the forums but I don't really understand the fix explained: https://forum.pfsense.org/index.php?topic=110251.0 I'm happy to file a bug report (if I can) but if someone could explain a quick fix work around I'd be grateful : ) One last thing, I understood that when I connected to my L2TP tunnel I would be given an IP address so I'm assuming that the 'local IP address' setting will not be mandatory? Thanks,