If someone got on ur network and found out your admin pw and put a keylogger on you this can be plausible.  That's a lot of work, who did you piss off??? I don't even setup up the wifi password wirelessly these days, I plug into the AP and set it up over the wire. However, 2 factor auth has made a lot of this stuff irrelevant.  Unless you rooted your phone and got spyware installed on that too. If this stuff happened, you may not want to be running "highspeed" stuff that is "beyond your reasoning". Format and reflash the firmware of everything you got and try again.  Or better yet, throw everything away and buy new stuff someone may have put a chip in your computer board. Pull out your wires too, someone may have bugged your ethernets. See where this goes?  Crazyville - pop. IT folks.

For what it's worth in both xen and kvm VM's I've had pfsense in I've added smart widgets and also viewed the smart status page, and they certainly didn't spit any error let alone drop the entire disk  ;D This is most certainly a hyper-v bug, and a pretty serious one

@KOM: Can you explain why this is the case?  Normal use cases have pfSense acting as DNS for its clients, and pfSense would either use the Resolver to talk directly to the DNS root servers, or the Forwarder to have pfSense talk to an external DNS such as your ISP's DNS or Google DNS.  The point I'm making is that you generally don't want your clients to be able to use any old DNS if you're using any access controls. I use a dns-based service to avoid geolocking… at the moment the media devices are configured to use the service provider's DNS servers, and the rest of the network use the ISP's DNS. Thanks for the two articles - I suppose I can configure everything to use the service provider's DNS and then use overriders for the domains I want to prevent access to. I'm still intrigued as to how the commercial routers do their thing :) Thanks, I appreciate your help!

Will do, thank you as always

I've the same problem I fix it with prompt command : /usr/local/bin/perl /usr/local/www/lightsquid/lightparser.pl

hi friends i can found soap link. Freebsd 10.0 X86 ftp://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/x86_64/7.0/All/php55-soap-5.5.33.tgz Freebsd 10.0 X64 http://pkg.cdn.pcbsd.org/10.0-RELEASE/edge/amd64/All/php55-soap-5.5.33.txz and other links http://pkg.cdn.pcbsd.org/10.0-RELEASE/edge/amd64/All/ ftp://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/net/php-soap/README.html

Are you saying it disables remote logging also? The logs in the pfSense GUI are the logs on disk. Disabling the logs on disk will disable the logging you can see in the pfSense GUI. Remote logging via syslog should still work, though. It's basically doing exactly what you told it to do – though perhaps not what you expected. If you want to see logs on pfSense, they have to be stored somewhere. They aren't buffered in memory, they have to go to disk. You could try putting /var/ in a RAM disk if you're concerned about disk writes, though that has other caveats.

well what is the gateway you set on pfsense wan?  If points to your router as its gatway you would have internet access for all your vms just like any other machine on your normal network.. Since out of the box pfsense would nat all the traffic to its IP that is on your normal network. To get to vm1 you would need to setup a port forward for what port you want to send to vm1 IP in pfsense, then hit pfsense wan IP from the linux box on that port. Only if you don't have pfsense not natting do you run into complications because of possible asynchronous routing and your isp router not know how to get to the downstream network that is behind pfsense, and not setup to nat that network or even allow it, etc..

Someone just updated ticket, I'm sure I'm not alone :)

The default wan rules block all unsolicited traffic, so out of the box the web gui is not available via the wan.  You would have to have created rules to allow access via wan.  So I find it pretty unlikely that web gui not accessible before upgrade that it would be accessible after upgrade.  Nor would it be available on clean install of 2.3 without intervention to the default config. Please post how you believe that web gui is available via wan interface..

Ok, thanks for the reply. I've just tested it. Seems to work, I have the IP I ordered. I'll look into the logs if I find any such entries.

@jbhowlesr: So I added the rules from the links above and I'm finding intermittence in whether these services work or not. This is such a but pain. This quote is probably the best way to end the post. I can't stop feeling I kicked a hornet's nest here. In hindsight I think johnpoz answer was the better answer in a higher order of right and wrong. It seems more and more home users are using PFSense  and rightly so. Regarding Default Deny, M.Ranum once wrote:"It takes dedication, thought, and understanding to implement a "Default Deny" policy, which is why it is so seldom done." This is especially true for a home environment. Number 1 for any home user should be the manual. For a DD policy you must know Network basics, protocols and ports etc.  If not you may drive yourself mad if your internet hungry kids don't get to you first. Go back to the Default PFSense Lan rules and call it a day, no harm , no foul. In my view if you are running Microsoft you have bigger problems anyway in your network. :o sorry, don't shoot the messenger. I noticed the "Feedback" post and debated to reply here or on that one. Since your subject line was succinct I wanted to make sure others of future searches were well aware of the possible issues. I repeat Default Deny is not for everyone. If I sparked your interest, Great! But on the forums you may be hard pressed to find someone to know what is running on your private network. DD policy requires intimate knowledge of what is running on your machines. Only you can figure that one out. Research before implementing and a good grasp of network protocol and basics is a must. I do not think there will ever be an easy button for this type of setup. Sorry if I started you down a path you may not have wanted to travel. But, hey,  you asked.  ;)

Ah thank you :)

Thanks heper for pointing me in the right direction. This pfsense is running on a vm machine under virtualbox. There is a setting for the bios clock if it will send UTC or local time to the vm machine. I had it on Local and it needed to be on UTC for pfsense. Changed it and waited out the last update time of rrd and then the reboots are ok. I believed my clock was Ok since I have ntp on the host server and ntp in pfsense. /Best regards illern.

Oops apologies for not searching the bugtracker

thank you guys. will try to disable in BIOS. I will play a bit more with squid, hopefully, it is just human error. Thanks, will update. Update: 1, changed to dedicated to avoid fail over. NOT from within BIOS, but from web config. 2, squid works after fresh reconfiguration. Don't use old config file.