Also diagnostics/states or status/system logs/firewall

LOL, from the makers of MRTG, I should have remembered that one…!!

Thanks! :D

Format the stick and only use it to store the config booting from the livecd. This is option 98, not 99.

Things regarding virtual IPs are often not working due to arpcache issues of the devices in front of you. Try to reboot the device in front of you or take down the line for some minutes to make the arp caches expire.

it's not vro but vr0 (this is the number zero, not the letter "o").

Upgrade to 1.2 release or maybe even reinstall. RC4 is outdated.

I found that the developer version is 1.2-BETA-1.iso.gz.
Is it this one that I should use?

Thank you.

The administrator of ma.cx have disabled ezard.ma.cx for now.

[1] Advanced Options
[2]State Type

You can use these to help guard against DOS attacks

Yeah, it looks like that would help… but it could be a bit cumbersome if you were trying to make a firewall more resistant to attacks on all ports and destinations. I'd have to think about a good way to handle some sort of global settings.

What I did find helpful was increasing the number of states the firewall could track. I bumped it up from 10k to 40k and then 64k. The higher the setting, the more responsive the firewall itself remained while under attack and with the state tracking table full.

I was watching memory consumping (the ALIX box has 256MB total) and total free memory didn't seem to change much even when tracking 64k connection. In the past I've seen reports of anywhere from 3k to 1k of memory used by each connection tracked. Anyone know if these are still correct?

LAGG isn't supported under pfSense 1.2, regardless of the version of the underlying FreeBSD.  If you try to make this work, you are on your own.

Ok it will log the extended information, but when I deselect that option it leaves the firewall log empty.

I tried /etc/rc.d/syslogd stop / start

No effect.

I don't see that on any of my systems though I'm using pppoe and pptp on almost all of them as well.

processes.png
processes.png_thumb

WOOOOOOHOOOOOOO!!!!!!!!!!!!!!!!!!!!!!!

WORKED LIKE A DREAM!!!
WORKS GREAT!

THANK YOU!

Make sure only the master has an ip set in the carp sync settings to sync to. the slave should not sync the config back to the master as this will start a ping pong game followed by a filterreload as the config might have changed.

I never thought it was a good idea from microsoft to set such a low limit  :P

Just in case someone is searching for something similiar for osx: http://www.memention.com/airportflow/
Work's with pfSense as well as it just uses snmp.

Make sure your hosts are really doing nothing. This somehow sounds like one of your hosts is a bot starting to cause massive packet load. View pftop from the console of the pfsense when that happens again to see what's going on on your network.

Ah the troubleshooting skills of a pfSense Hero, thanks a lot man that will work great!

josh