• Tcp split handshake

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    @jimp: Has anyone actually tried the nmap split handshake scans against a pfSense firewall to see if it made any difference? Without a tool I wouldn't have a clue how.  Wouldn't something this important get incorporated into tools like Metasploit?  Nothing shows up when searching there. http://www.metasploit.com/modules/
  • FIN_WAIT_2:ESTABLISHED and ESTABLISHED:FIN_WAIT_2

    Locked
    1
    0 Votes
    1 Posts
    5k Views
    No one has replied
  • X-Box 360 MTU 1364 error when firewall scheduling enabled

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    Thank you for your quick response. After I posted, it dawned on me. I added another rule below the BLOCK, schedule to ALLOW. Now all is good. pfSense 2.0 Schedule Tool tips say "This Rule is Currently inactive" !!! as opposed to "ALLOWing traffic". THIS is how my rules are now and work PERFECTLY. BLOCK * XBox * * * * none MySchedule ALLOW * XBox * * * * none
  • HTTP passing but can not download?

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    ieee I posted a reply on another topic but it was actually for this one lol. Ok so it did come down to HW issue of sorts. Not sure what was up with the PCI slot I was using for the WAN interface but I reassigned the WAN to a different interface and now HTTP works w/o issue. Now I just got to get my two XBoxes to be open NAT. I have an ethernet testing tool so I can tell when there is a fault in a cable. They all seem fine.
  • PfSense’s Web front-end for pf outside a pfSense installation

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimp
    No, it isn't possible to use the GUI outside of the pfSense distribution in any meaningful way. Not without a lot of PHP code changes.
  • Grouping hosts

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    That was it. And it works brilliantly! :) Thanks
  • Authentication Error

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimp
    It means you have your SSH port open on WAN and someone tried to connect and login, but failed. In general it is not a good idea to allow your SSH port to be exposed to the world. If you must allow access, at least move the port to something else (222, 34890, 41383, some other random port) and enable key-only auth. That will both reduce the likelihood that someone will find the service, and that nobody can just keep trying passwords to get in.
  • MOVED: Cannot block incoming ICMP

    Locked
    1
    0 Votes
    1 Posts
    822 Views
    No one has replied
  • Firewall and transparent proxy

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Ping Prob

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • SSH Problems with DMZ

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    3 Posts
    22k Views
    That makes sense, I at least have somewhere to start looking now. Thanks for your help.
  • Hide VRRP logs

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    Thx. Too simple for me ;-) Works like a charm ….
  • 0 Votes
    3 Posts
    2k Views
    @onhel: Did you explicitly set up the ICMP Type in the firewall rule? It's right underneath the Protocol once you select ICMP. You will need Any or at least Echo Reply. Correct, except Echo, not Echo Reply if you're allowing pings.
  • MOVED: passing traffic for two hosts on LAN

    Locked
    1
    0 Votes
    1 Posts
    809 Views
    No one has replied
  • Internal IP visible to net

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Issue Solved & Explained. Sill
  • Disabling firewall rules?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    valnar
    Right…  I just wanted to know if one was less "backdoor hackable" than the other. Thanks!
  • How to Block mp3 and video downloads through firewall..?

    Locked
    4
    0 Votes
    4 Posts
    5k Views
    thanks a lot p0ddie… ;D
  • Bonjour/Multicast DNS flooding

    Locked
    9
    0 Votes
    9 Posts
    8k Views
    16 gigs in 2 hours translates to roughly 2MB/s of traffic. This is well beyond what normal Bonjour multicast discovery is about. Check his machine (look at the network activity in activity monitor), it either shows constant 2MB/s of traffic on the lan port, or something else is really fishy. Anyway, this looks like a misconfigured client.
  • How to redirect ports on the same lan?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.