There was a glitch a while back that prevented the remounting command functioning but I thought that had been fixed with 2.0.1.
The / and /cf should be mounted read only in Nanobsd.

[2.0.1-RELEASE][root@pfsense.fire.box]/root(27): mount -p /dev/ufs/pfsense0      /                      ufs    ro,sync,noatime        1 1 devfs                  /dev                    devfs  rw                      0 0 /dev/md0                /tmp                    ufs    rw                      2 2 /dev/md1                /var                    ufs    rw                      2 2 /dev/ufs/cf            /cf                    ufs    ro,sync,noatime        1 1 devfs                  /var/dhcpd/dev          devfs  rw                      0 0

You can try remounting it RO manually:

/etc/rc.conf_mount_ro

Steve

You have to block using firewall rules.  We do block 443/HTTPS traffic to Facebook CIDR networks during regular office hours.

For us, we block the following destination CIDR networks:

69.63.176.0/20
69.171.224.0/19
63.135.80.0/20
66.220.144.0/20
65.201.208.24/29
65.204.104.128/28
74.119.76.0/22
204.15.20.0/22
173.252.64.0/18
96.16.0.0/15

Ok so this seems to have something to do with me setting up an ipsec tunnel. I have a second pfsense install that I know was able to check for updates. I then setup a tunnel to another location and then noticed it could no longer check for updates. Nothing else has changed. Even if I disable ipsec it can still not check for updates.

I have another tunnel I need to setup to another pfsense but I don't want to break that one too.

Any ideas?

As I understand it, you need to use Microsoft's RADIUS implementation via IAS in order to authenticate PPTP sessions against AD. IAS doesn't need to be on the domain controller (it can be on a member server) but IAS needs to be installed somewhere and pfSense needs to be configured to auth via RADIUS against it.

I wouldn't worry about it too much. If you run the mount command when connected to the box you'll see the flash filesystems are also mounted with the synchronous option (from my ALIX setup below):

/dev/ufs/pfsense0 on / (ufs, local, noatime, synchronous)
devfs on /dev (devfs, local)
/dev/md0 on /tmp (ufs, local)
/dev/md1 on /var (ufs, local)
/dev/ufs/cf on /cf (ufs, local, noatime, synchronous)
devfs on /var/dhcpd/dev (devfs, local)

Synchronous means the system will sync all writes and not return from a command until the write has been completed. Even if a power failure were to happen with the filesystem mounted read-write it shouldn't cause any lost data as commands don't return until the write is verified as on-disk.

@johnpoz
You helped me. You gave me some good tips. There will be other - non technical - solutions which will stop this kind of traffic. It is just a kind of forensic :)

pfSense logs only to ram. If you need long term logging you will need to use a syslog server. See:
http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog

Steve

@balubeto:

pfSennse 2.0.1 can also directly manage the PPPoA protocol

No.

@balubeto:

or I are obliged to set the ADSL 2+ modem in PPPoA mode?

Yes.

Your ADSL modem will probably talk PPPoE to pfSense but pfSense needs something else to handle the carriage of PPP in ATM cells.

Numerous ISPs, and businesses that aren't ISPs but act as one (generally sharing their Internet amongst a building of other tenants), do exactly what you describe. Limiters generally the best for that type of usage, and the easiest to configure.

Check a sqlite sample on cpan.

using DBD
http://search.cpan.org/~msergeant/DBD-SQLite-0.31/lib/DBD/SQLite.pm
http://mailliststock.wordpress.com/2007/03/01/sqlite-examples-with-bash-perl-and-python/

using DB
http://search.cpan.org/~vxx/SQLite-DB-0.04/lib/SQLite/DB.pm

Remember to create the sqlite database first

att,
Marcello Coutinho

The reason for going with a smoothwall, Endian, or untangled type of distro is the subscriptions for the web filtering, anti virus, spam control ect… As well as they, like mentioned have done a lot of work to make the underlying packages pfsense uses to work, in a much more solid versital form.

I would love to run it all in one box but i have yet to see it possible to provide the features we need to meet certain security standards while keeping the speed there. And i am guess this is why I see a lot of people who have pfsense and untangled combo.

All right jimp.

Thank you for your attention! ;)

[]`s
Jack

That's always been the case. If the interface with the IP address configured upon it goes down, then the bridge goes down.

The fix is to assign the bridge interface and make the bridge interface your LAN interface, so it has the IP address on it, and your wired lan and wireless lan interfaces would be assigned separately with no IP address on them.

Search around the forum, it's been covered many times.