• Dup-to custom rule

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: (portscan) UDP Filtered Portscan

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • MOVED: DynDNS firewall Rule

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Everyday people try to hack in with ssh.

    Locked
    18
    0 Votes
    18 Posts
    13k Views
    jimpJ
    Changing to an alternate port does help cut down on log spam though, and if your logs are more relevant it's easier to spot a potential security issue or targeted breach when you don't have to sort through a bazillion automated attacks.
  • Preventing traffic from reaching LAN from DMZ, but not to WAN

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    A
    Excellent, thank you both very much.
  • Transparent pfsense Firewall

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 0 Votes
    2 Posts
    2k Views
    ?
    Blocking based on MAC addresses is not supported in 1.2.3 and is trivial to bypass so you're not actually adding security.  You can, of course, create firewall rules to block IP addresses, that's the point.  If you absolutely must only allow access based on MAC address, consider using the captive portal feature.
  • Stress test Tool

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    M
    Oh, sorry, I didn't call that. Bandwidth for sure, and the firewall ports.
  • Ports being blocked even though they are open

    Locked
    13
    0 Votes
    13 Posts
    5k Views
    V
    Oh, crap, didn't see that. OK, will try it again and watch the logs and report back. Thanks, I'll be back!  :P
  • "ping host" menu command bypasses firewall rules for DMZ/LAN ?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    C
    Everything you describe is the way things should work.
  • State Type "none" not working as expected in 2.0RC1

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C
    You can't use no state like that, or at all in this circumstance. As long as your source uses random source ports (which is generally always the case; you may need to fix something in your specific case) and a new one every time it opens a new connection, you won't have any issues with opening new connections to the same port.
  • How does the firewall work?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    C
    Read these: http://doc.pfsense.org/index.php/Firewall_Rule_Basics http://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
  • Firewall

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    Cry HavokC
    Without much more information nobody can help you. Please start with screenshots of your firewall rules (and any aliases) and details of the downloads (URLs etc) that aren't being blocked.
  • Blocking KProxy

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    jimpJ
    If you blocked those IPs, you wouldn't be able to get there if the rule was set up right. A block rule like that should be on the LAN, and at the top of the list.
  • 0 Votes
    2 Posts
    4k Views
    K
    I found that I had to put WAN and bridge this to the LAN connection. I have turned off the DHCP server. I have enabled DHCP Relay and put in the DHCP server IP. Now my computer, connected to the LAN port, gets an IP, DNS etc… but I cannot ping/dig cnn.com etc.. :-/ I'm connected to my network, but I cannot see the outside world..
  • System load on WAN interface on two pfSence VM's

    Locked
    13
    0 Votes
    13 Posts
    6k Views
    I
    Just ran into this for the first time here as well with two physical boxes running v1.2.1 w/CARP and having separate switches for each private/public subnet. Interestingly, the only difference between this network and any of quite a few others we've worked on with pfSense was the presence of a number of new Windows 7 machines which had bad keys and all suddenly started looking for KMM servers at the same time (with lots of NBT broadcasts in the process). Confoundingly, it's a multi-WAN and we had just added the second link (on a separate switch of course) and thought maybe we had configured something wrong in the LB by accident. Fortunately we have an identically configured setup at another location and after doing a line-by-line comparison between all the configs determined it had to be a bug in pfSense. A quick search came across this thread and we have implemented jjponce's suggestion of restricting traffic between the two WAN interfaces to pfsync and nothing else. (This was only performed on the public-facing NICs as they were the only interfaces exhibiting the problem; his reference to CARP interfaces may still apply under some circumstances.) To clarify a bit further for anyone else seeing this, the traffic only appears on the public side and completely saturates the external NICs. If you do a packet capture, all the packets are NetBIOS addressed from/to 169.254.x.x (actual IP varies of course) and run up to the maximum bandwidth of the WAN link. To reiterate that last point, the bandwidth utilization we observed was the physical limit of the dedicated lines coming in, NOT the limit of the local hardware. This implies that pfSense is routing the broadcast packets out and they are getting reflected back by upstream devices(?) The multi-WAN in this case has lines coming from two different ISPs, both lines having bandwidth caps set by the ISPs, one at 35Mb and the other at 100Mb. All local hardware is Gb but the traffic load was never more than what the lines were (externally) capped at. We'll post again if jjponce's solution does not help, otherwise consider it the answer for now.
  • Block Gtalk and other messengers

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    N
    To block Gtalk and chat from gmail.com, I have set up DNS forwarding for talk.google.com, talk.x.google.com and chatenabled.mail.google.com and forwarded all three domains to my local IP. This has disabled Gtalk from both web and messenger.
  • Logging outgoing mails

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    L
    Thanks for fast answer. Helped me a lot.
  • Can't get Internet speed over 380Mbit with 1.2.3 release

    Locked
    10
    0 Votes
    10 Posts
    3k Views
    C
    A relatively slow box with cheap NICs isn't going to do much more than that. Atoms with Intel gig cards can hit about 500 Mb. 2.0 may be a bit faster, but you're trying to accomplish more than your hardware can do. Normally I would expect the CPU to be maxed out, but you may be hitting bus speed limits or other limits of your hardware.
  • Dual Wan firewall rule issue

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    L
    Hi, managed to get it sorted: user error and new with pfSense = not work lol
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.