Of course! Heh… I have way too many images of pfSense floating around on my computer, and I'm too used to installing it onto embedded machines with very little memory. smacks self on head

How about this feature for squid? Would this work? https://code.google.com/p/squid-ecap-gzip/

HTTP blocking with different blocking groups is relatively simple to set up. HTTPS is a bit more difficult… I struggled with getting HTTPS filtering set up at our school for a couple of months toward the beginning of this school year. The way I ended up setting it up is by using the "SSL man in the middle Filtering" in the Squid3-Dev package. Unfortunately, this throws certificate errors unless you install a CA cert from pfSense. It's a pain to set up (need to install the CA cert on each individual computer), but once it's in place it works. As far as I know (unless you go the route of DNS-based filtering such as OpenDNS) there is no way to do completely transparent HTTPS filtering without needing to install a certificate on each computer. As for having different blocking groups, you can most certainly do this with Squid. (I use Squidguard here for blocking, by the way, so I'm not familiar with the blocking package used in the tutorial you linked). Under the "Groups ACL" tab you can create a new group, and set up which IP addresses it is applied to (you can do individual IPs, or whole subnets... I just do 192.168.4.0/24 to apply it to the whole .4 subnet). Hopefully that helped some... At what point are you in the setup? Have you gotten the proxy working yet for at least HTTP?

ARP reports all known MAC addresses on a given interface. Bridging is essentially like a switch, so the original MAC address of the device on a separate segment is still used. To me, this is a valid report.

Apparently I had a space at the beginning of the URL string, this was causing the error and is now working.

Thanks for the feedback. Torrenting from any machine tanks the server, I think I already mentioned that. I'll try using a different virtualization solution to see if anything changes. Thank you.

I may have found what I was looking for http://lists.pfsense.org/pipermail/list/2012-April/001952.html Looks like an established TCP connection ha a VERY long time out. So my question is what benefit does this give me? Assuming my router can handle it, how can I use this to better manage/troubleshoot/diagnose/etc? I assume there is a reason for such long time outs. I think I read before that idle connections will get evicted if the state table starts getting full, so these states shouldn't hurt anything. Thanks!

Which aspect does it negate? The Windows 7 OS would not have connectivity. You are simply using the Windows driver to establish a layer2 connection via wifi. As long as you've removed IPv4 and IPv6 from the NIC then there will be no layer3 connection. You may want to remove any other layer3 protocols like netbios etc. The problem might be that the Windows wireless connection manager tries to establish an IP connection and then freaks out when it can't. You can probably do it manually in the driver properties if that's the case. It shouldn't do though because you can connect to wifi network that doesn't have a DHCP server. In that case you can connect but have no IP connectivity unless you set a static IP. Steve

Alright. I'm sorry I didn't keep you updated on this, but the problem was that the operating system was corrupt. All I did was a quick reinstall and that got the job done.

Thankyou!! You solved a major issue for me!

when adding a website to the allow list, you need to click save. and after go the page of the Squad and click apply always click APPLY

Yes rogue dhcp servers can be a huge PIA!  ;) Another user here experienced a similar thing except that the rogue server turned out to be an mobile hotspot application running on an iPhone. The user who's phone it was didn't even realise it was running and of course it was only there during work hours when diagnosing stuff is most difficult. Always worth remembering that story when things are looking really weird. Check the MAC of the DHCP server, you can see if it's the correct one instantly and if it's not you can find out the manufacturer which gives you something to look for. Of course that doesn't help if it's a malicious attack where the rogue server has spoofed your own MAC. Steve

On Windows (I don't know if you can do it under Linux) I usually untick the IPv4 and IPv6 protocol on the network cards which supply connectivity to other network segments. For example : If I have a pfSense box with two network cards (RED = WAN) and (GREEN = LAN) then I usually untick both IPv4 and IPv6 from the WAN interface. The LAN interface I leave as is, as you'll need to have either a static IP (suggested) or dynamic IP on it for you to connect and administrate pfSense. The rest don't need IPv4 or IPv6 either, should you have other network cards. This makes it more difficult for ne'er-do-wells to try and hack the windoze box hosting pfsense.

@pfNeo: can a tcpdump file be converted to exe? In Security Onion, you can recover files in multiple formats. The new pfSense Suricata package also has file capture capability.

You are correct. It did not auto install. Got it going now thanks!

yeah using the same sort code as exists on other pages would be fine, you're welcome to submit a pull request to master/2.2 with that.

Anyone…. ? ::)