yes i read that while searching for an alternative - dns blacklist.
sad to say its not updated upto its current version of pfsense.
well yeah i use squid3 in order to run smoothly squidguard.
but i am hoping for an alternative, a web filter without having a proxy anymore - aside from opendns.

That should work OK with VLANs. You'd put pfSense on a trunk port, and make a separate VLAN for each WAN, and then in pfsense define the VLANs and assign them so they each appear as a separate interface.

That is possible with squid+squidGuard if you're just talking about an HTTP site.

@johnpoz:

What about if the url is say https://something.ads.com/somepath/dir/ad.html ?  Since this does not exist on whatever webserver you point to your webserver would normally return 404, and your browser might bark that the SSL on the https isn't trusted.  So you would need to make sure your browsers trust whatever ssl cert your using..

That's still up to the web server. It's quite easy in Apache to have it answer any request with a specific file via mod_rewrite or similar. Other web server software probably has a similar mechanism. Beyond the scope of the forum here, but it turns up easy in a google search, or just look at what CMS packages like Wordpress use in their .htaccess files.

I have tried using the intel card for both LAN and WAN, and separate intel cards, one for LAN and one for WAN without any effect.

got it as I found it in the docs.

https://doc.pfsense.org/index.php/Automatically_Restore_During_Install

The example with the USB drive gave the answer.

@marvosa:

Glad to hear everything is working!

As far as the "Allow DNS server list to be overridden by DHCP/PPP on WAN" option, I have it un-checked, although it's moot for me because I have a static IP.  You would only need this option if you're getting your WAN via DHCP and you want to be updated automatically if your ISP changes it's DNS servers.

i.e. If you're static, un-check it.  If you're DHCP, check it.

you make my Day,
thank you so much, and everyone does helps !

The Emerging Threats Rules has a "Policy" category that has Flash alerts. I am using the Paid version, so I am not 100% sure if those rules are in the Free ET Version.

If you use Chrome as a browser, Flash and PDF viewing of files is builtin.

You can pretty much get away without installing FLASH and Adobe Reader for most installations by using Chrome.

The rules are for traffic arriving on an interface. You can delete rules on each LAN that have "source LAN3" because LAN3 source IPs will never arrive on either LAN. Also delete rules on each LAN3 that have "source LAN" because traffic from the LAN that is local to each pfSense will never arrive on LAN3.

You need a rule on LAN3 that allows traffic with source "the LAN subnet of the opposite pfSense". It is probably easiest to make an Alias on pfSense1 for the pfSense2 LAN subnet - "RemoteLAN" - and then add a rule on pfSense1 LAN3 to pass source "OtherLAN".
Then do the same pattern of thing on pfSense2 to allow traffic from pfSense1 LAN.

Just to verify, where is PFsense in this scenario?  Can the servers in the DMZ access the LAN?  We need to know the IP schema.  Also, post your server1.conf

You'll have to forgive me, but I do not see a question here.

I think I found a solution from this thread

https://forum.pfsense.org/index.php?topic=51468.0

I did 2 changes:

1. Change WAN IPV6 Configuration, from DHCP to NONE
2. Advanced - Networking - IPV6, uncheck Allowed IPV6

Problem solved. I hope it will help other people.
Thanks

status_rrd_graph_img_cpu_disableipv6.png
status_rrd_graph_img_cpu_disableipv6.png_thumb

I just wanted to inform you that a fresh ibstallation of pfSense did the trick, WITH Lan as a private network in Hyper-V and WAN as an external network  ;)

Does anyone have any theory as to the cause? I would restart apinger or reboot the firewall and it would go away, as some have mentioned, for a matter of hours and then be back. Mysteriously, the problem seems to have subsided. Anything further I can do in regards to troubleshooting or additional information gathering? Worth submitting a bug report?

If the error count is accumulative, there are none shown.

Status up
MAC address 1c:af:f7:0e:57:da
IPv4 address xxx.xxx.xx.xx 
Subnet mask IPv4 255.255.255.0
Gateway IPv4 WANGW xxx.xxx.xx.x
IPv6 Link Local fe80::1eaf:f7ff:fe0e:57da%vr0 
ISP DNS servers 127.0.0.1
xxx.xxx.xxx.xxx
x.x.x.x
Media 100baseTX <full-duplex>In/out packets 701359/732555 (328.44 MB/324.27 MB)
In/out packets (pass) 701359/732555 (328.44 MB/324.27 MB)
In/out packets (block) 716/2 (121 KB/152 bytes)
In/out errors 0/0
Collisions 0</full-duplex>

A couple of days later and - without touching the pfSense box - this problem seems to have disappeared. Weird!