• Windows Software timing out on Idle

    2
    0 Votes
    2 Posts
    342 Views
    N
    @NetworkCobra2020 I would like to say that this setting worked. I hope this can help others in the future. In the original post, I had the timeout set to 9999999999999 seconds and then just updated it to 356000000 and that worked.
  • Can't get LAN firewall rules to get working

    4
    0 Votes
    4 Posts
    433 Views
    A
    @zachg96 You can restrict traffic from hosts on a subnet from going anywhere else, with appropriate firewall rules on that particular subnet. What you can't do, as has been discussed, is to block traffic between hosts on the SAME subnet. They will be as chatty as you (or even the manufacturers) set them up to be. The rule you're looking for in your post above would look like this:
    Action: Block or Reject
    Interface: the subnet you want it to run on
    Address Family: IPv4 and/or IPv6
    Protocol: ICMP
    Source: same as "interface" above
    Destination: any
    Save and done. Move this new rule to the very top of the list. Make sure you've got an allow any to any rule at the very bottom of your list, so hosts on this subnet can at least get to the internet, if needed. Hope that helps. Jeff
  • Add network latency for test purpose.

    2
    0 Votes
    2 Posts
    167 Views
    vallum
    @vallum said in Add network latency for test purpose.: Wanted to check if there is a way to add latency, I used to perform this on a CentOS box using https://bencane.com/2012/07/16/tc-adding-simulated-network-latency-to-your-linux-server/. Any ideas?
    I used the delay option in the limiter to achieve this, so it's working :)
  • Speed Limit on Torrent is not working on Some IP's

    2
    0 Votes
    2 Posts
    231 Views
    D
    Bump need your support urgent
  • IPv6 and Docker

    10
    0 Votes
    10 Posts
    863 Views
    johnpoz
    10$ a month... Dude, depending on what you're wanting to host exactly, you could spin up a vps for like $15 a YEAR. You could spin up a digital ocean droplet for $5 a month, etc. Shared hosting can be had for very cheap as well. I just spun up a new vps the other day for $2 a month.. 512MB ram, 10G storage, unmetered bandwidth..
  • Force DDNS on local LAN only ?

    1
    0 Votes
    1 Posts
    60 Views
    No one has replied
  • Trying to Learn what my log is saying

    3
    0 Votes
    3 Posts
    539 Views
    W
    Thank you very much! This helps a lot!!! Bill
  • Policy Server?? Work VPN

    2
    1 Votes
    2 Posts
    813 Views
    CyberSimon
    I know this is old, but I was seeing the EXACT same issue. The cause was Verizon Broadband Manager. It seems to send a POST to the default gateway every few seconds. After I removed the software, the log entries stopped.
  • Internal route showing offline

    1
    0 Votes
    1 Posts
    207 Views
    No one has replied
  • Incoming firewall port wrong

    12
    0 Votes
    12 Posts
    913 Views
    P
    @viragomann Thanks again. Really happy to have help so quickly. Glad to be away from the WatchGuard as well.
  • granular traffic shaper

    1
    0 Votes
    1 Posts
    112 Views
    No one has replied
  • can't ping one direction

    7
    0 Votes
    7 Posts
    595 Views
    T
    @akuma1x @johnpoz @viragomann Thank you all. The DHCP relay did trip me up. I normally turn off private firewall on my Windows clients, but didn't on these workstations...so that got me too! I've been my own worst enemy on this config!!! :-\
  • "hotel mode" for an IP range?

    12
    0 Votes
    12 Posts
    1k Views
    johnpoz
    @tl5k5 said in "hotel mode" for an IP range?: I just thought there might be a clean way to do this on the LAN.
    There is a clean way - it's called private vlans. But this isolates all clients on that network from each other. If you wanted client X to talk to client Y then you would have to manipulate the ports specifically they are connected to, cannot do that via IP.. If you don't want group A talking to group B.. Then yeah you do that via vlans, and now you can filter traffic at your L3 router..
  • SNMP across VLANs, responses not getting through firewall.

    20
    0 Votes
    20 Posts
    2k Views
    E
    Problem solved: Ended up being an ARP anti-spoofing setting binding the default gateway IP to its MAC, but since pfsense is doing the routing the device was blocking another IP (the server) from using that MAC.
  • firewall rules to block ports not working

    11
    0 Votes
    11 Posts
    1k Views
    johnpoz
    If you need to block devices on the same network from talking to each other.. If they are wireless you would do that on the AP, with isolation. Different makers use slightly different names: AP isolation, client isolation, etc. For wired clients your switch would need to support what is normally called private vlans, which can prevent clients from talking to each other. If you want to do it and your L2 infrastructure doesn't support it, then you would normally split devices you don't want talking to each other into different vlans, so their traffic between each other would have to be routed (through pfsense) and now you can filter it.. Other option is using a host firewall on each device to block traffic you don't want to allow between hosts. There are many ways to skin a cat, but no, pfsense has no control over devices on the same L2 talking to each other.
  • Alias URL table with FQDNs ?

    1
    0 Votes
    1 Posts
    64 Views
    No one has replied
  • VPN Packet Loss - IPSEC

    4
    0 Votes
    4 Posts
    549 Views
    S
    As promised, here are the images of our Firewall rules. IPSEC: [image: 1597679616946-ipsec-fw-rules.png] L2TP: [image: 1597679620735-l2tp-fw-rules.jpg]
  • Suppressing broadcast log noise

    1
    0 Votes
    1 Posts
    227 Views
    No one has replied
  • nodejs server port forwarding issue.

    1
    0 Votes
    1 Posts
    99 Views
    No one has replied
  • 0 Votes
    2 Posts
    319 Views
    jimp
    Fatal trap 9: general protection fault while in kernel mode
    cpuid = 1; apic id = 01
    instruction pointer = 0x20:0xffffffff80cadc57
    stack pointer = 0x28:0xfffffe00f21cfaa8
    frame pointer = 0x28:0xfffffe00f21cfaa8
    code segment = base 0x0, limit 0xfffff, type 0x1b
     = DPL 0, pres 1, long 1, def32 0, gran 1
    processor eflags = interrupt enabled, resume, IOPL = 0
    current process = 12 (swi4: clock (0))
    trap number = 9
    panic: general protection fault
    cpuid = 1
    KDB: enter: panic

    db:0:kdb.enter.default> show pcpu
    cpuid = 1
    dynamic pcpu = 0xfffffe016f08b580
    curthread = 0xfffff800049a2620: pid 12 "swi4: clock (0)"
    curpcb = 0xfffffe00f21cfcc0
    fpcurthread = none
    idlethread = 0xfffff80004960620: tid 100004 "idle: cpu1"
    curpmap = 0xffffffff834f1c40
    tssp = 0xffffffff835a3338
    commontssp = 0xffffffff835a3338
    rsp0 = 0xfffffe00f21cfcc0
    gs32p = 0xffffffff835a9f90
    ldt = 0xffffffff835a9fd0
    tss = 0xffffffff835a9fc0
    tlb gen = 151227

    db:0:kdb.enter.default> bt
    Tracing pid 12 tid 100024 td 0xfffff800049a2620
    kdb_enter() at kdb_enter+0x3b/frame 0xfffffe00f21cf7b0
    vpanic() at vpanic+0x19b/frame 0xfffffe00f21cf810
    panic() at panic+0x43/frame 0xfffffe00f21cf870
    trap_pfault() at trap_pfault/frame 0xfffffe00f21cf8c0
    trap() at trap+0x5d/frame 0xfffffe00f21cf9d0
    calltrap() at calltrap+0x8/frame 0xfffffe00f21cf9d0
    --- trap 0x9, rip = 0xffffffff80cadc57, rsp = 0xfffffe00f21cfaa8, rbp = 0xfffffe00f21cfaa8 ---
    _mtx_lock_indefinite_check() at _mtx_lock_indefinite_check+0x47/frame 0xfffffe00f21cfaa8
    _mtx_lock_spin_cookie() at _mtx_lock_spin_cookie+0xd4/frame 0xfffffe00f21cfb18
    softclock() at softclock+0xbf/frame 0xfffffe00f21cfb60
    ithread_loop() at ithread_loop+0xe7/frame 0xfffffe00f21cfbb0
    fork_exit() at fork_exit+0x83/frame 0xfffffe00f21cfbf0
    fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe00f21cfbf0
    --- trap 0, rip = 0, rsp = 0, rbp = 0 ---

    I don't recognize that backtrace and can't find anything similar in searches. Some sort of locking issue but not clear what it might be from.
    What packages are installed and running? What features are in use? What hardware is this? If it crashes again, post the backtrace. If it's the same then it may be a bug in the OS but if it's different that may imply it's hardware-related.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.