• Help with pfSense VPN proxy setup

    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Trouble Shooting Help Needed

    0 Votes
    10 Posts
    3k Views
    johnpozJ
    I really really wish there would be very large bold letter caveats when installing tools like pfblocker and for sure snort and even the proxy - that lack of understanding will BREAK your shit ;) hehehe Snort can take quite a bit of tweaking of the rules before it is anything other than a log noise generation tool… Putting it into block mode before you have spent the required time tweaking the rule set to weed out noise, etc.. is just asking for shit to break.. While I like the idea of pfblocker, it too is a very quick and easy way to break shit when you don't understand its actual use.. Letting it auto create rules if you ask me is a REALLY BAD idea.. If you want to use it to block countries' IP ranges, and/or remove ads then use the rules in alias mode and place the specific rules you want. In general letting stuff block stuff for you automatically is going to lead to shit not working, and you not understanding why.. As to the proxy, unless you have a bunch of puberty age boys that you're trying to block from porn ville it serves little use in anything other than a corp environment.. And just another thing that could break your shit for very little added benefit..
  • Firefox 45 / Dashboard Traffic Graphs broke GUI

    0 Votes
    5 Posts
    2k Views
    C
    Firefox update 45.0.1 fixed this bug.
  • Remote logging and DShield

    0 Votes
    15 Posts
    3k Views
    Z
    Just bumping this back up. I think this should happen at some point.
  • First Things To Do After Install

    0 Votes
    8 Posts
    3k Views
    SoarinS
    Good point on the caching, I was thinking for using it let's say I join a source game server and they use fastDL and it takes forever, my friends come over and they have to download the same junk. I thought it'd be useful for that, but that seems incredibly inefficient now that I think of it. The AP doesn't have Vlan to my knowledge but it'll just be for my private network, just a basic AP. I think I'll just remain stock with pfSense until I can find a reason to grab anything else.
  • Pfsense squid proxy error

    0 Votes
    1 Posts
    906 Views
    No one has replied
  • Locky?

    0 Votes
    10 Posts
    3k Views
    D
    @killmasta93: The worst part is recovering because it's always best to start from scratch formatting the servers and the computers. Thank you again. In the scenario I described, the server was "untouched" in that it just saved the files the workstation told it to (encrypted of course). From that point of view, their recovery was a complete wipe of their server's data drive and a restore from the previous backup. I always set my backups to do a complete copy of the data drive for just this scenario. And since they're Linux based servers (I stopped doing Win servers some time ago) it's trivial to segregate the server operating drive from the data drive. The net result is I have zero worries about the server being infected. As far as the workstation, yup that's a complete wipe and reload from scratch (Win machine and not worth the worries otherwise). Some users keep drive images to make it easier to reload the system, but encouraging them to keep all data on the server often simplifies everyone's life.
  • Openhab support for presence detection

    0 Votes
    1 Posts
    831 Views
    No one has replied
  • Please I have a question in load balancing

    0 Votes
    11 Posts
    2k Views
    C
    @jimp: Load balancing doesn't work at all when using a proxy on the firewall, so it's a moot point. This is crystal clear (to me) and pretty obvious. I was not meaning "with proxy on pfSense"  ;)
  • USB flash drive broke, RAM disk setting on next install?

    0 Votes
    4 Posts
    1k Views
    C
    It shows. The fact you can't disable RAM disks there tells you you're on nano.
  • Filtering based on MS RPC UUID

    0 Votes
    3 Posts
    919 Views
    MikeV7896M
    I would think Snort would be able to catch it with OpenAppID… but I'm far from an expert in Snort.
  • Pfsense - Noob question on connectivity to LAN

    0 Votes
    2 Posts
    703 Views
    KOMK
    Start by posting your WAN & LAN details, as well as the settings for the LAN client you're testing with.
  • Radtest to localhost OK but not to IP?

    0 Votes
    3 Posts
    973 Views
    M
    Specifically, check the /etc/raddb/clients.conf file. There should be an entry with the client address of the radtest source address and shared secret, similar to the following:
        client 23.34.12.90 {
            secret    = shared-secret-pw
            shortname = nas-name
            nastype   = other
        }
  • Redirect internal IP address

    0 Votes
    3 Posts
    728 Views
    johnpozJ
    this is simple port forward, or inbound nat.. https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense
  • I hope that you will help me please my friends

    0 Votes
    2 Posts
    537 Views
    H
    please continue this thread there: https://forum.pfsense.org/index.php?topic=108336.0
  • Intervlan performance slow on my C2758 atom 8 core.

    0 Votes
    27 Posts
    6k Views
    ?
    But basically the LAGG algorithm is sending/receiving the file transfer on the same port on pfSense, so it's doing full duplex transfer. I am not really sure but all depends on the configuration you made! You can also configure that one LAN port is "doing" RX and the other is "doing" the TX part! And then you will be getting out; 1 GBit/s > TX 1 GBit/s > RX And this might be then even 1 GBit/s and not 2 GBit/s! But for sure the entire LAG (LACP) is building an aggregated 2 GBit/s fat pipe! Now theoretically, the gigabit ethernet can handle 2000mbps total. That is exactly the point where you are failing or made a so called thinking false in my eyes! 1 GBit/s line (cable) is able to send and receive 1 GBit/s over 4 adders of the cable in each direction and this is then 1 GBit/s in each direction and not 2 GBit/s in one direction. But I ran iperf between 2 machines using the simultaneous option, and the max I was about to get was about 450mbps both ways the same time. So not sure why? If the technical and theoretical max throughput of a 1 GBit/s line is 125 MBit/s and with your LAG (LACP) you will get out then in normal and as a max. 500 MBit/s (4 x 125 MBit/s) but you got 450 MBit/s + the TCP/IP overhead that must be counted on this on top you will be getting also nearly the maximum, or am I wrong with this? Anyhow when I transfer a file the other direction, the algorithm uses 2 ports on pfSense, so then I'm getting closer to 1Gb in that direction. Then perhaps the network load you were producing with iPerf was not high enough perhaps I mean? Either way, I think I will upgrade to 10Gbe with the Chelsio card, that should solve any Gb bottlenecks. It is the best option as today in my eyes!!! The Chelsio card is fully offloading tasks such as VLANs based on using an ASIC/FPGA on its NIC and it is better driver supported in pfSense!
So you will be able to fully unload from your pfSense box many TCP/IP based tasks and on top you will be saving ports and getting more throughput than now.
  • How to add OpenVPN to interfaces in the dashboard for traffic graphs?

    0 Votes
    2 Posts
    1k Views
    C
    Do what you did, just keep in mind you need to restart that OpenVPN instance after assigning it.
  • NAT-question - Script-question from newbie

    0 Votes
    3 Posts
    835 Views
    B
    @BlueKobold: Create one or more rules pending on this. Or make the Servers be a member of the allowed other VLANs. I'm feeling like an idiot, I don't understand how to do that. :( You are able to store each config from the lowest bottom (easy) to the highest top (difficult) and then you might be swapping over the config to another pfSense firewall by using this xml file Thanks! My thought was to have a batch file to run and then type in DNS, password, ip-address etc after given questions. Maybe I've to reconsider that. Thanks for your answers!
  • Menu wrapping so the System options are inaccessible

    0 Votes
    3 Posts
    588 Views
    3
    CNTRL F5 did the trick.  Thanks so much!
  • Saving config.xml from crashed USB stick

    0 Votes
    7 Posts
    1k Views
    C
    Thank you so much for your help. I tried with a live CD running FSCK on the drive but it ended up being beyond help. It'll be way more easy to redo the settings than actually put way too much energy in saving broken data. I've learned something.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.