I created a temporary rool to allow the web configurator to show up on the WAN if someone have a better idea…

I don't use SQUID, but the few times I used cert overrides, I always inserted into the OS, not the browser. I know the browser does support managing certs to some ability, but like for PFSense's web UI, I download the CA and inserted that directly into Windows to solve the cert warning.

Sorry this is later that I said, busy weekend with Uni work. I've created a post about how I got this working. https://forum.pfsense.org/index.php?topic=111517.0

If it helps here is how i did it using a wpad https://forum.pfsense.org/index.php?topic=93060.0

@2chemlud: @Gertjan …don't miss the closing parenthesis of the link, which is not recognized by the "auto link generator" of the forum software ;-) Got it. https://doc.pfsense.org/index.php/Filesystem_Corruption_%28503_errors,cannot_get_uid%29 isn't https://doc.pfsense.org/index.php/Filesystem_Corruption%28503_errors,_cannot_get_uid I had to invent de missing ")" ;)

Thanks Tivo Is there no inbuild software in PFSense that already allows you to block by category?

@BBcan177: Run the following commands: For Snort, you should see one process per defined Snort Interface(s): ps auxww | grep snort For pfBlockerNG, There should only be two processes (only if DNSBL is enabled): ps auxww | grep pfb root    39809  0.0  0.2  40364  6680  -  S    29Apr16    1:15.90 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf root    40773  0.0  0.4 251152  12880  -  S    29Apr16    3:30.45 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl Need to do a process of elimination… Disable package services. Reboot... check if you still have the issue.... then add one package .... rinse and repeat ... i see there are 2 php processes again. disabling and rebooting each times costs way to much time that my network/server would be offline. as i said i never had the problem before 2.3_1 and i also never changed packaged still the same setting/packages. Problem is it takes a while before it shows it self again. and i rather dont run it without those 2 packages. ps auxww | grep snort root    99802  19.4  5.6  877940 460720  -  Ss    3:27PM  27:43.56 /usr/local/bin/snort -R 46905 -D -l /var/log/snort/snort_igb146905 --pid-path /var/run --nolock-pidfile -G 46905 -c /usr/local/etc/snort/snort_46905_        igb1/snort.conf -i igb1 root    63597  1.2  8.1 1326116 670292  -  Is    3:33PM  12:11.00 /usr/local/bin/snort -R 19237 -D -l /var/log/snort/snort_igb019237 --pid-path /var/run --nolock-pidfile -G 19237 -c /usr/local/etc/snort/snort_19237_        igb0/snort.conf -i igb0 root    42264  0.0  0.0  18740  2244  0  S+  10:46PM    0:00.00 grep snort root    28722  0.0  0.4  229204  33084  -  S    9:47PM    0:03.15 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl root    28771  0.0  0.4  229204  33104  -  S    9:47PM    0:03.16 /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl root    91567  0.0  0.1  44340  6220  -  S    3:25PM    0:00.88 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf root    78542  0.0  0.0  18740  2240  0  S+  10:47PM    0:00.00 grep pfb When i update pfblocker and use reload all. i see a PHP process pop up and once the reload is done its gone again. is it possible the php's one are stray ones that didn't want to close/end correctly?

i have disabled all usb port and now this random error is now on me [image: 20160508_140948.jpg] [image: 20160508_140948.jpg_thumb]

I just upgraded to 2.3 and was totally dumbfounded by the lack of total traffic information. This just sucks! Although the graphs are nicer looking, the lack of total traffic, which is the most important information for me as a home user, makes the monitoring tool not that useful to me. Why was it removed?! Edit: my question was answered https://forum.pfsense.org/index.php?topic=109769.msg620829#msg620829

Wow - thank you for the quick response. I've increased the CRON Settings from "Every hour" to "Every 4 hours" and will continue to monitor.  I've attached the pfBlockerNG widget screenshot, as well as attaching my pfblockerng.log ( if it helps ). I've reviewed the pfblockerng.log (as well as the other log files under /var/log/pfblockerng/ ), but nothing really jumps out at my untrained eyes; the times in the logs are in CDT.  My most recent outage [captured by monitoring] would have lined up with log entries from 05/06/16 23:00:00 CDT to 05/06/16 23:15:00 CDT.  I may have played with some settings shortly after connectivity resumed. I just saw that I could upgrade pfBlockerNP … so that's done now too. [1/1] Upgrading pfSense-pkg-pfBlockerNG from 2.0.12 to 2.0.14… [image: pfBlockerNG-widget.png] [image: pfBlockerNG-widget.png_thumb] pfblockerng.log.gz

Thanks! Yea - there was something totally erroneous set as default. Changed that - we'll see how it goes. Gads, that wasn't even a BSD vs Linux thing - just simply oblivious….

Thanks guys.  I thought I had tried that at the time I posted, and that it hadn't worked, but I probably misspelled the domain or something because of course it works fine.

I have tested 3 versions of compiled sources of igmpproxy, no one works like expected. Member -flo- in the german forum had also a look at this. The sources available for igmpproxy for Linux/BSD aren´t capable of igmpv3 (specialy ssm) on the downstream interface yet. The Linux alternativ igmpproxy mcproxy lokks like it could do it.

Starting a new post since this is now a different problem. https://forum.pfsense.org/index.php?topic=111449.0 Thanks for the help.

I always use the webgui to shutdown or reboot.    Sometimes on a shutdown it isn't detected either.  When this happens, always just pull the power plug and then it works perfectly.  I do have another card that I can retry.  Didn't notice that behavior before 2.3, i could reboot whenever I wanted and it worked.. Card is about a year old, computer is a brand new i5.

I use PFSense's DNS resolver to give me 0ms cached DNS response times. I also set the cache to be huge and auto-refresh entries prior to expiration. Nothing like a good cache hit rate.

Those recommendations are ancient. You definitely don't need server-class hardware. Any modern Atom will push 1Gbps as long as that is all it is doing - i.e. you're not asking it to perform Snort IDS or OpenVPN at 1Gbps also. Try to find something with Intel QuickAssist, like the Atom C23xx series. pfSense sells a official router that uses a C2358 Dual Core 1.7GHz Atom (we have one and can push 1Gbps with it) - but as you can see, in the reviews, others say they can also. It's fanless too. https://store.pfsense.org/SG-2440/