DHCP leases can be viewed in pfSense by navigating to Status > DHCP Leases. Thanks…

The fix we put in to make pw's writes safe (fix for passwd file corruption) also made it slow in some circumstances, especially with large numbers of users. Short of thousands of users, I haven't heard of any delays of minutes attributable to that. In FreeBSD 10.3, a different fix for that problem has been implemented which doesn't have the performance issues in those circumstances. I've put it through our power cycle test rig upwards of 3000 power cycles immediately after passwd write, and it still survived fine. I haven't tested large scale performance, but the FreeBSD developers who reviewed and implemented the change have. So any portion of it attributable to that will be significantly faster in 2.3.

@cmb: Yes. In the plans for the future. Any idea of a possible time line? :) Thanks

No need with modern SSDs to disable logging. That option disabled all logging except filter.log, I just fixed that. https://redmine.pfsense.org/issues/6018

I really really wish they would be very large bold letter caveats when installing tools like pfblocker and for sure snort and even the proxy - that lack of understanding will BREAK your shit ;) hehehe Snort can take quite a bit of tweaking of the rules before it is of anything other than log noise generation tool… Putting it into block mode before you have spent the required time tweaking the rule set to weed out noise, etc.. is just asking for shit to break.. While I like the idea of pfblocker, it too is a very quick and easy way to break shit when you don't understand its actual use.. Letting it auto create rules if you ask me is a REALLY BAD idea..  If you want to use it to block countries IP ranges, and or remove ads then use the rules in alias mode and place the specific rules you want. In general letting stuff block stuff for you automatically is going to lead to shit not working, and you not understanding why.. As to the proxy, unless you have a bunch of puberty  age boys that your trying to block from porn ville it serves little use in anything other than a corp environment.. And just another thing that could break your shit for very little added benefit..

Firefox update 45.0.1 fixed this bug.

Just bumping this back up. I think this should happen at some point.

Good point on the caching, I was thinking for using it let's say I join a source game server and they use fastDL and it takes forever, my friends come over and they have to download the same junk. I thought it'd be useful for that, but that seems incredibly inefficient now that I think of it. The AP doesn't have Vlan to my knowledge but it'll just be for my private network, just a basic AP. I think I'll just remain stock with pfSense until I can find a reason to grab anything else.

@killmasta93: The worst part is recovering because its always best to start from scratch formatting the servers and the computers. Thank you again In the scenario I described, the server was "untouched" in that it just saved the files the workstation told it to (encrypted of course). From that point of view, their recovery was a complete wipe of their server's data drive and a restore from the previous backup. I always set my backups to do a complete copy of the data drive for just this scenario. And since they're Linux based servers (I stopped doing Win servers some time ago) it's trivial to segregate the server operating drive from the data drive. The net result is I have zero worries about the server being infected. As far as the workstation, yup that's a complete wipe and reload from scratch (Win machine and not worth the worries otherwise). Some users keep drive images to make it easier to reload the system, but encouraging them to keep all data on the server often simplifies everyone's life.

@jimp: Load balancing doesn't work at all when using a proxy on the firewall, so it's a moot point. This is crystal clear (to me) and pretty obvious. I was not meaning "with proxy on pfSense"  ;)

It shows. The fact you can't disable RAM disks there tells you you're on nano.

I would think Snort would be able to catch it with OpenAppID… but I'm far from an expert in Snort.

Start by posting your WAN & LAN details, as well as the settings for the LAN client you're testing with.

Specifically, check the /etc/raddb/clients.conf file. There should be an entry with the client address of the radtest source address and shared secret, similar to the following: client 23.34.12.90 {         secret          = shared-secret-pw         shortname  = nas-name         nastype      = other }

this is simple port forward, or inbound nat.. https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

please continue this thread there: https://forum.pfsense.org/index.php?topic=108336.0