Not sure if this is the case but I had random crashes when I upgraded to 2.1. I fixed it by doing a backup, doing a fresh install instead of the upgrade and restoring the backup. No crashes since so if you did an upgrade to 2.1 i'd suggest doing a fresh install.

Found my answer hidden in the DNS forwarder settings to register local systems in DNS.

Using Snort with a specific signature for Ultrasurf seems like a better way to do it. Maybe using Layer7 with a specific pattern. Although even using these will fail eventually as ultrasurf employs many techniques to disguise itself. If you look at firewalls that claim to able to block it (Watchguard, Sonicwall) they are doing it using Layer7 pattern recognition. You can attempt to block the IPs ultrasurf uses for it's servers but it will fail eventually as the list is a constantly moving target. Steve

@stephenw10: What most people want to know is the throughput of the box. I.e. 'If I have a 200Mbps WAN connection can hardware X pass that?'. To test that you need a box on both sides that is at least as fast as the pfSense box. A popular test is utility for this is iperf, it's inclufed in pfSense so you can use 3 pfSense boxes to test but it's also available for other OSs. Run it as a server on a box on one side of the box under test and as a client on a box on the other side. Test the throughput. Test it in the other direction. This artificial test will give you a nice comparable number but real world bi-directional, multi-connection traffic will be different to some extent. Steve Thanks, i will try using iperf as instructed.  :)

Possibly it's failing to download the lists. This question would be much better in the pfBlocker thread: https://forum.pfsense.org/index.php/topic,42543.0.html Steve

jimp Thank you for the straight forward reply… how did I miss that  ??? and i've been around pfsense for like 2 years now... I just never tried this... and been bumping my head against this for a while... I guess I kind of ignored it as I thought it was for multiple pfsense's?... actually I have no idea what happened in my head... Again, thanks for the reply!.

What I do to stay fit for me. Not need to be downloaded on the web too. I will get back with you.

Well you could enable "Deny unknown clients"  And create reservations for all your workstations. From a general security setting any ports not in use should be disabled, if users are plugging into unused ports those ports should be off in the first place. Now sure what your using for switching, but many managed switches provide for port security.  Look into cisco port security for example. http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/port_sec.html This can allow you prevent users from unplugging their workstations from the port on the wall and plugging in their devices.  Now if they are smart enough to change the mac your out of luck :) But this is more security than just not giving them a dhcp address.  You can also enable Static ARP entries in pfsense, now it will only talk to devices it has reservation for, etc.  This prevents users from just putting in a static IP on your network. You could look into a fullblown NAC or NAP.. http://en.wikipedia.org/wiki/Network_Access_Control Something like http://www.packetfence.org/ comes to mind.

Status -> DHCP leases will only show you clients that request DHCP addresses from pfSense.  To check for static IP hosts as well, head over to:  Diagnostics -> ARP table.

@Clear-Pixel: Until we find out how Cisco will affect the open source end of it if any, I suggest continue developing the snort package and refining it. Oh, I don't intend to abandon Snort at all.  Just looking at Suricata as another alternative to have in the package collection. Bill

Figures it would be in the one place I never go to,thank you for the help.

If you are on NanoBSD (e.g. CF) then it's not particularly sensitive. A full install without any extra packages probably wouldn't have any problems either. If you have packages with a lot of volatile data on the HDD such as squid, then you might have problems.

How old is the Soekris device? How much RAM does it have?

@jimp: The code on the backup page hides sections that do not exist in that config.xml If Aliases doesn't show up, then it doesn't exist in that config.xml It should show up in the Restore Areas section though, assuming you're looking on the target which has no aliases yet. Heh…  I assumed that since he was asking that there was actually something to export.

You can use the "Set interface(s) IP address" option to change it, or using the GUI (Interfaces > LAN) Using ifconfig would only work temporarily. Next time the system refreshed the interface or the firewall rebooted, it would go back to the setting in your config.xml