• Send post/get on firewall rule match?

    4
    0 Votes
    4 Posts
    1k Views
    W
    I have done the following and it works:
    NAT - Port Forward:
    Interface: the interface the dash buttons are on (wifi-net)
    Protocol: TCP
    Source Address: The IP of the Dash button
    Source Ports: *
    Destination Address: *
    Destination Ports: 443 (as the dash buttons try to establish an SSL connection to Amazon when pressed)
    NAT IP: The IP of the computer on the net which shall receive the info that the dash buttons try to connect to the internet, aka have been pressed
    NAT Ports: 4321 (any one does, no port range needed, as the buttons only try to connect to :443)
    Corresponding Firewall Rule: Pass
    On the NAT IP machine I can receive the connection requests using scapy in python:
        from scapy.all import sniff, IP
        # print the source IP of every packet arriving on the forwarded port
        sniff(filter="tcp and port 4321", store=0, prn=lambda pkt: print(pkt[IP].src))
    Every button press generates 5 requests.
    Problem: Scapy uses a lot of resources, will take ~30% CPU on a Raspy B.
    Problem 2: I didn't manage to use the socket module, as the buttons don't really connect, they just send ssl-syn and receive some multiple acks from the nat-ip.
    Here's what Wireshark shows (running on the NAT-IP machine; *.127 is the dash button, *.125 is the NAT-IP client machine): https://ibb.co/hwwi55
  • Day of week & time of day restrictions per IP/MAC?

    3
    0 Votes
    3 Posts
    578 Views
    M
    @fleece: My son stays up too late gaming. Could I use pfSense to restrict his Internet access during days of week and time of day, say from midnight to 6AM? I can give him the same IP address through reserved DHCP or something.
    Yes. In Services/DHCP server you can give your son a static IP. Then, in Firewall/Schedules you can create a schedule. Then, in Firewall/Alias, you can create aliases with addresses your son is allowed to go to (the gaming, for example). Finally, in Firewall rules, you can:
    1. Add the alias to allow him to game;
    2. Add, in advanced settings (at the bottom), the schedule which limits the time he can do that.
    So after that time, he can still google his homework (sorry, I still can't live with that thought, I'm old fashioned, back in my days we had books :-[ ) but can't game. Or, of course, even beyond that: he can't internet at all. Or, beyond that, with two schedules:
    Firewall rule 1: he can game until 4 PM with a schedule.
    Firewall rule 2: he can game from 9 PM-10PM with a schedule.
  • PFS - Bandwidth Usage Logs

    9
    0 Votes
    9 Posts
    1k Views
    A
    I have installed Status_Traffic_Totals too, many months ago, but it always seems to not be collecting data until I go look at it. I've re-installed it, but every time I go back and check it, it's all zeros.
  • SNORT rule does not work!

    3
    0 Votes
    3 Posts
    583 Views
    P
    I just told one example, actually I have this problem with any website. And I don't want to see the content, I just want to block the site.
  • Internet restriction

    5
    0 Votes
    5 Posts
    850 Views
    M
    @ast: Can we use squidguard together with pfblockerng? Of course. pfBlockerNG has many, many, many, blocklists.
  • Transparent bridge between WAN and LAN + DHCP service

    1
    0 Votes
    1 Posts
    282 Views
    No one has replied
  • Packet logger mode of snort, PROBLEM!

    1
    0 Votes
    1 Posts
    428 Views
    No one has replied
  • PfSense firewall unreachable and blocked

    2
    0 Votes
    2 Posts
    440 Views
    H
    Because pfSense saves its logs on RAM, after reboot I cannot see any of the logs from before the reboot, so I don't have any information on what happens when the firewall gets into this state. I didn't set up a log server because I am not very sure about how fast I will run out of memory.
    What version are you running? Full installs haven't logged to RAM for some time now. A remote syslog wouldn't run out of RAM … if configged badly, it might run out of disk space.
  • Hardware recommendations for 10GbE Home/Soho network

    8
    0 Votes
    8 Posts
    3k Views
    U
    @johnpoz: get a bigger tube ;) That's the kind of responses I was looking for ;-) What size do you recommend?
  • Need To Update OpenVPN - 4 Security Flaws Found

    2
    0 Votes
    2 Posts
    515 Views
    johnpozJ
    https://forum.pfsense.org/index.php?topic=132534.msg728642#msg728642 I am on 2.4 snapshots and its running 2.4.3 just fine.
  • TFTP bootfiles

    2
    0 Votes
    2 Posts
    431 Views
    jimpJ
    You could setup an additional pool and then control access using the deny/allow MAC fields.
  • Could I see every virtual servers session when inbound load balance?

    2
    0 Votes
    2 Posts
    374 Views
    jimpJ
    The items on the status screen are all that relayd will show you. Between that and what you can find by filtering under Diag > States you can see what is connected. If you need more detailed information or control over balancing, you should consider moving to HAProxy.
  • Spam and anti-virus filtering of smart host with pfsense

    2
    0 Votes
    2 Posts
    780 Views
    jimpJ
    There isn't anything on pfSense for that. pfSense isn't a mail server, it's a firewall. You need a mail server filtering appliance type distro to sit in front of your existing mail server.
  • Site to site VPN, the pfSense behind NAT can only work with responder

    1
    0 Votes
    1 Posts
    487 Views
    No one has replied
  • Does pfsense support /31 bit mask?

    7
    0 Votes
    7 Posts
    2k Views
    C
    Me too.  I just learned about it recently.  I thought I might try it.
  • Need to reboot pfsense 2.3.4 weekly

    2
    0 Votes
    2 Posts
    474 Views
    DerelictD
    No, we are all not rebooting our 2.3.4 nodes weekly. Can you get to the webgui and look around when it acts up before you reboot it? Look at the usual things. disk space, ram, mbufs, etc. If you can get a status output: https://firewall_ip_address/status.php download that file before rebooting next time so you have one while it's failed.
  • Change WAN interfaces-keep other settings

    1
    0 Votes
    1 Posts
    240 Views
    No one has replied
  • PfSense doesn't get any WAN behind Verizon modem (Fios)

    1
    0 Votes
    1 Posts
    337 Views
    No one has replied
  • How to give access a certain website to a one user or one IP address?

    2
    0 Votes
    2 Posts
    330 Views
    V
    Need more info, and keep in mind this is coming from an amateur, but I would give the client who is allowed access a fixed lease on your network, then write an allow rule to the specific website (assuming the site has a manageable IP set) with the client as the source, then write a second rule blocking everything else to the website. Make sure to place this rule set above your allow rules (depending on your rules)… I believe this is a form of "whitelisting". Not sure that answers your questions but need more info to be more help...
  • VLAN Interface not receiving packets

    9
    0 Votes
    9 Posts
    2k Views
    H
    After some reading I understand now that this will lead to bigger problems … the Cisco router is routing because of fixed routing tables ... bah, I'm changing the big subnet into smaller ones on the client side
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.