Nevermind I think I found it is a Chrome issue.  Will try another browser and see if that fixes it.

ItIt's a pico psu with 6.6amp 12v external supply 100-240v 50-60Hz:  using UK 230v running about 50c no fan pretty much this with 60Gb ssd https://www.amazon.com/Supermicro-A1SRi-2558F-Intel-Fanless-Server/dp/B016VHBA7C/ref=sr_1_fkmr0_1?ie=UTF8&qid=1473252480&sr=8-1-fkmr0&keywords=supermicro+c2558#productDetails

There is a ticket open and PR with a fix, but the problem is Chrome didn't properly code their regex parser. Use another browser or apply this patch with the System Patches package: https://patch-diff.githubusercontent.com/raw/pfsense/pfsense/pull/3127.patch

what?? Where did you hear what?  If your using the resolver the only thing that should be listed as your dns would be loopback.

Yeah you still have to hit the "+" icons to resolve them, on the bright side, once the hosts is resolved it updates all entries that have the hosts. pfBlockerNG logs have the option to Auto Resolve IPs.

Yea, I can see how that would be confusing. Particularly when the same pane uses an ISO date in the rollover. If it's going to be a fixed format, it would probably would be better to use MM-DD which would at least align with the rollover. You might consider providing feedback here: https://forum.pfsense.org/index.php?topic=117274.0 jdillard seems pretty responsive to feedback.

From my understanding of pf, it does appear that it is possible to have egress filtering. Its just not possible through the UI eg pass out inet proto tcp from $localnet to port $client_out_tcp pass out inet proto tcp from $localnet to port $client_out_udp Is there a way to do this through the WebUI (that i do not know of), or should i create a feature request? My logic is … SRC                          DEST                                                            Direction          PRTL              TrafficShape                                  TIME                                  Action <loopback>            <business websites="" (fqdns="" group="" )="">            Outbound          <80,443>      High Priority, B/w guaranteed        <business hours="">                Allowed  <loopback>            <non business="" websites="" (fqdns="" group)="">      Outbound          <80,443>      Low Priority, B/w LIMITED              <business hours="">                Allowed  <loopback>            ANY                                                              Outbound          <80,443>      B/w LIMITED                                <business hours="">                Allowed </business></loopback></business></non></loopback></business></business></loopback>

System > Certificate Manager, Certificates Add Method: Create a Certificate Signing Request Fill in the fields as desired Save Export request and submit it to digicert When you get the certificate edit the request and paste the certificate data. You might also need to create a CA for the intermediate certificate if any. Not sure if digicert requires them. Probably so.

Agree again Derelict - in a corp setup could be a real issue.  With a public hotspot sort of setup worse case is you have someone either doing a mitm on your users which is more of an issue for your users than you running the hotspot.  Or users sharing an access what only 1 user paid for, etc.  While guess this a problem for the hotspot running, not really that big of a security issue like it would be in a corp setup. You could play with the nat script I pointed out in trying to track down the people doing this..

Why aren't you running factory? Have you done this for your igb NICs? https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards

No idea what "freeze on large file transfer problem" you're talking about. It's not something software will solve, assuming you have a good install which should be the case now. It's certainly not something systemic in the software. Is there already a thread going on that?

Got Squid installed? That's notorious for this kind of stuff, especially since stuff like Windows Updates and other services use HTTP, making Squid want to cache ridiculous amounts of data. One of the issues has been HTTP request ranges. Sometimes a service may have something like an 8GiB file, but depending on what your system needs, only a small multi MiB range will be requested. But Squid will download the entire 8GiB, then return the 8MiB chunk to you. Not sure if this still applies, but it has in the far past.

Here is the error em6: Watchdog timeout – resetting em6: Hardware Initialization failed em6: Unable to Initialize the hardware em6 = port 6 after that, bunch of errors and collisions appear in Interface Status.

There is nothing to do in the built-in load balancer (relayd) for virtual hosts. The original client connection is forwarded in, it would still contain the host header that Apache needs to pick the right virtual host. We need a lot more info to say for sure what might help your situation, starting with what actually isn't working, how you're testing it, and so on.

What AP are you using.. I would think with such a number you would have a controller to manage them and show you details like that.  Not sure how you think pfsense is suppose to know what AP some client is connected too??