• Easy Rule not working for me for simple case.

    3
    0 Votes
    3 Posts
    269 Views
    @johnpoz Thanks again, that pointed me in the right direction, and I fixed it. It was an asymmetrical routing issue.
  • loopback address being blocked?

    28
    0 Votes
    28 Posts
    4k Views
    Unfortunately no. I rarely if ever need to restart that VM. Its uptime was 172 days prior to my restart.
  • Samsung / Canon Network Scanner - Saned Help

    1
    0 Votes
    1 Posts
    128 Views
    No one has replied
  • (What's the) State lifetime in Conservative Optimization mode

    3
    0 Votes
    3 Posts
    500 Views
    senseivita
    @Derelict said in (What's the) State lifetime in Conservative Optimization mode: ually only used for things like UDP VoIP when the g Oh man! That's awesome! It should be fine then. I forgot that these optimization things always gravitated around something like tunnels or VoIP. Nothing good comes out of letting servers connect out, e.g., Windows Update. Thanks a lot! You just made my day. I can now focus on documenting a few things--I'm so far behind.
  • Block Internet access for a single host

    5
    0 Votes
    5 Posts
    757 Views
    @sherrellbc Diagnostics > States. You can filter for a specific IP and then kill these states.
  • Warzone firewall settings

    4
    0 Votes
    4 Posts
    6k Views
    Sorry it's taken me a few days to reply. I did some research and got frustrated fast as yours was the only one that was easy to read and understand. Rest were so in depth it got confusing. I did try a little testing on the set up you have. Not sure if I got it fully correct as I still got 'beeps'. So I reverted back and just kind of put up with the beeps. More secure. The only thing that I have a little concern on is the 'STRICT' NAT type in game. Is that something I should be worried about?
  • "Block snort2c hosts" Spamming Firewall Logs

    2
    0 Votes
    2 Posts
    318 Views
    bmeeks
    @ProfessorManhattan said in "Block snort2c hosts" Spamming Firewall Logs: Block snort2c hosts" logs in the firewall logs. Not sure what you mean by that statement. Can you elaborate a bit, or better yet, post up a screen capture highlighting specifically what you are asking about?
  • 0 Votes
    4 Posts
    692 Views
    johnpoz
    hehehe ;) Glad you got it figured out.
  • Hello all sorry for the bad forum im new to pfsense

    7
    0 Votes
    7 Posts
    378 Views
    johncsuti
    Hello, sorry for the delayed posting, I just got back from a trip. I haven't noticed anything strange but I did decide I would change the RAM. Something about the RAM just kinda popped into my head when I was leaving. Not sure what it was but the issue is fixed and to answer your questions in order. Totally random just on one target. I built the system from parts on Amazon revolving around this motherboard: Jetway NF795. Let me know if you want a full spec sheet and I can give that.
  • NAT VIRTUAL IP WEB SERVER (PROBLEM)

    1
    0 Votes
    1 Posts
    108 Views
    No one has replied
  • identical rules-1 works, other doesn't, and other oddities

    4
    0 Votes
    4 Posts
    549 Views
    johnpoz
    To be honest not exactly sure what you're trying to do, since you don't show your interface rules, nor full rule sets, or even specifically is that floating or an interface? If you're trying to pass dns, your rules need to be udp and tcp.. The rules you're showing are only tcp, and you don't even show what is in your alias, etc.. And from the description they sound like outbound rules.. You wouldn't use interface outbound rules to allow access to pfsense IPs for dns from devices behind pfsense. Also if you want to make sure rules in floated are evaluated "first" you need to make sure quick is set on them. Which if that is your floating tab, they are not.
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    6 Views
    No one has replied
  • remote access to internal servers through web authentication, not vpn

    2
    0 Votes
    2 Posts
    163 Views
    DaddyGo
    @sclim said in remote access to internal servers through web authentication, not vpn: web authentication, not vpn? Hi, I remember this on the SRX1500... not directly, you won't find something like this in pfSense. VPN is one of the most secure ways to access it today, so developers don't plan for it.... web-auth access. You can do it with a little dexterity if you really want to: Say f.e. ... DDNS + https + Lets'E or own cert. + reverse proxy ??? I use this method to access several (https stream) IceCast2 internal servers (on http) behind pfSense
  • 0 Votes
    6 Posts
    2k Views
    DaddyGo
    @dr_tech said in Possible to block certain websites using URL ?: Is such a provision available? Yes, I thought pfBlockerNG would be a good solution. See the answer to your question at the attached link: https://forum.netgate.com/topic/138029/acl-s-support In particular, focus on the recommendation of @BBcan177 (maintainer and creator of pfBlockerNG)
  • Firewall rules and inter-vlan routing

    1
    0 Votes
    1 Posts
    158 Views
    No one has replied
  • OpenVPN Getting Blocked by FW

    1
    0 Votes
    1 Posts
    138 Views
    No one has replied
  • Applying Changes

    5
    0 Votes
    5 Posts
    453 Views
    That's exactly what I needed to know. Thanks!
  • Amazon AWS Blocking

    7
    0 Votes
    7 Posts
    1k Views
    If your SSH users are coming from specific IP ranges, then change the inbound SSH rule to only allow their IPs. Better still get remote users to connect via VPN first. You could also report the offending AWS IP to Amazon. It might be script kids using the free AWS trials? Who's using AWS hosting
  • Port firewalled automatically

    7
    0 Votes
    7 Posts
    652 Views
    I have 3 sites: Office: 192.168.2.0/24, Hetzner servers: 192.168.8.0/24, Azure servers: 11.0.0.0/16. The PBX is located in the Office: 192.168.2.50. It is trying to write data to the Hetzner network and a Linux box running in: 192.168.8.0/24 (192.168.8.5 specifically). The only floating ones I have are from Ban Lists on pfBlockerNG and as you see they affect the WAN interface not the IPSec one. You are right about overlaps, that's what I assumed that the first one is prioritised and it shouldn't be 0/0 - but it seems that the IPsec rules are overridden. The traffic is purely over the IPSec network though as you see both are private range IPs (192.168.2.50 and 192.168.8.5)
  • How to Tell What Application is Responsible for Traffic

    4
    0 Votes
    4 Posts
    393 Views
    Gertjan
    Use the info found here https://forum.netgate.com/topic/156158/what-do-your-firewall-rules-look-like/25?_=1599304505040 and start blocking everything. Your LAN users will complain. Open up one by one the listed ports (see thread in link). Analyse what starts to work. Note the relation between ports and services / programs. @ProfessorManhattan said in How to Tell What Application is Responsible for Traffic: the cumbersome proces You got that part right.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.