• PfSense firewall settings to block facebook

    Locked
    4
    0 Votes
    4 Posts
    11k Views
    GruensFroeschliG
    Threads are autolocked if there is no reply for a year. I unlocked the linked thread.
  • TFTP provisioning for IP phone

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    K
    I went to System > Advanced > Firewall/NAT tab. Near the bottom it says TFTP Proxy. I highlighted WAN & LAN and clicked save. This allows the phones to connect to the TFTP server and pull down new firmware.
  • How to Block LAN Subnet?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    GruensFroeschliG
    I don't really understand what you want but: To allow access from a single IP, set in the source of a firewall rule: "IP_you_want_to_allow/32"
  • VPN Connection

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How do you block CHINESE hacks/intrusions/scans?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    J
    @Cino: by default everything is blocked coming into your WAN interface. If you only want US, CA, AUS, NZ ranges, use Country Block. It has an option to select every list, then you uncheck US, CA, AUS, NZ… They will block all the country ranges before the rules you add. You are looking at a lot of aliases and inbound rules the other way if you want to have, let's say, a web server behind the fw. Thank you all for guidance. This issue can be closed.
  • [SOLVED] Really can not deal with rules and NAT

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J
    Was struggling with my issue for a couple of days, but today it turned out to be a problem solved by a router restart. I could not imagine that there could be a situation where FreeBSD acts like Microsoft products :) If something does not work, try to restart the computer :). Anyway, I restarted the router, which had been online for 1.5 years, and everything fell into place - the rules started to work. To be honest, I could not find any info relating to such issues, nor can I comment on it further. For now, the issue is considered solved.
  • Cisco VPN won't go through…

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    _
    Do you have a WAN-rule allowing ESP? If not, try this. Maybe you need AH too. Give it a try. Action pass, Interface WAN, Protocol ESP any to any. Maybe you need a UDP-rule too, allowing Port 4500, 500. At the other side maybe you are allowed to change the cisco-client to TCP and try connecting with this.
  • Display unused rules

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    No. pf will keep per-rule stats (you can see them with pfctl -vvsr from Diagnostics > Command) but any time the filter is reloaded the counts on the rules are lost, they are not kept over time.
  • Please Help

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    T
    Hello. There are several examples all over the forums. Also look at the documentation wiki to find articles like Port Forward Troubleshooting. Search around a little more. The information you are looking for is everywhere.
  • MOVED: VPN CheckPoint no pfSense

    Locked
    1
    0 Votes
    1 Posts
    959 Views
    No one has replied
  • Firewall drop stats / pfsense firewall log analyzer

    Locked
    3
    0 Votes
    3 Posts
    7k Views
    A
    m4rcu5, I ended up writing a VERY simple and rough solution in Python that used regular expressions to find the parts I wanted and submit them to a MySQL database. If you are interested I will send you the code. UPDATE: Here is the code:

    #!/usr/bin/env python3
    import re
    import datetime
    import os
    import urllib.request
    import MySQLdb
    from xml.etree import ElementTree as ET

    # API key for ipinfodb.com
    apikey = "GET YOUR OWN KEY"

    # import the file (pre-grepped pfSense firewall log lines)
    log_input = open('/home/user/pfsenseparser/grepped.log', 'r')
    # error log
    error_output = open('/home/user/pfsenseparser/error.log', 'a')
    # output file
    output = open('final.txt', 'a')

    # this allows for the IP to Lat/Long conversion
    url = "http://api.ipinfodb.com/v2/ip_query.php?key=" + apikey + "&ip="

    # MySQL connect (positional argument order is host, user, password, database)
    db = MySQLdb.connect("localhost", "pfsenseparser", "user", "password")
    cursor = db.cursor()

    # what time is it?
    now = datetime.datetime.now()
    error_output.write('<------Started at: ' + now.strftime("%Y-%m-%d %H:%M") + '--->\n')

    # number of new entries
    num_new_data = 0
    num_exist_data = 0

    # testing variable: no SQL or file write if set to 0
    testing = 1

    # the script tests this variable below without ever assigning it;
    # -1 is assumed here to mean "address is not reserved" (assumption)
    reservedip = -1

    # regex built with www.txt2re.com
    re1 = '((?:Jan(?:uary)?|Feb(?:ruary)?|Mar(?:ch)?|Apr(?:il)?|May|Jun(?:e)?|Jul(?:y)?|Aug(?:ust)?|Sep(?:tember)?|Sept|Oct(?:ober)?|Nov(?:ember)?|Dec(?:ember)?))'  # Month 1
    re2 = '.*?'  # Non-greedy match on filler
    re3 = '((?:(?:[0-2]?\\d{1})|(?:[3][0,1]{1})))(?![\\d])'  # Day 1
    re4 = '.*?'  # Non-greedy match on filler
    re5 = '((?:(?:[0-1][0-9])|(?:[2][0-3])|(?:[0-9])):(?:[0-5][0-9])(?::[0-5][0-9])?(?:\\s?(?:am|AM|pm|PM))?)'  # HourMinuteSec 1
    re6 = '.*?'  # Non-greedy match on filler
    re7 = '(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(?![\\d])'  # Uninteresting: ipaddress
    re8 = '.*?'  # Non-greedy match on filler
    re9 = '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'  # IPv4 IP Address 1
    re10 = '.*?'  # Non-greedy match on filler
    re11 = '(\\d+)'  # Integer Number 1
    re12 = '.*?'  # Non-greedy match on filler
    re13 = '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])'  # IPv4 IP Address 2
    re14 = '.*?'  # Non-greedy match on filler
    re15 = '(\\d+)'  # Integer Number 2
    rg = re.compile(re1 + re2 + re3 + re4 + re5 + re6 + re7 + re8 + re9 + re10 + re11 + re12 + re13 + re14 + re15,
                    re.IGNORECASE | re.DOTALL)

    for line in log_input:
        m = rg.search(line)
        if not m:
            continue
        month1 = m.group(1)
        day1 = m.group(2)
        time1 = m.group(3)
        ipaddress1 = m.group(4)
        int1 = m.group(5)
        ipaddress2 = m.group(6)
        int2 = m.group(7)

        # ipaddress1 is the one we want
        # let's see if it is in the database before we ask ipinfodb
        # (values are passed as query parameters, never formatted into the SQL string)
        cursor.execute("SELECT * FROM pfsenseparser WHERE Ip_Address = %s", (ipaddress1,))
        data = cursor.fetchall()
        ipcheck = ""
        daycheck = None
        timecheck = None
        for row in data:
            daycheck = row[2]
            timecheck = row[3]
            ipcheck = row[4]

        if ipcheck != ipaddress1:
            # This is a new IP Address
            error_output.write(ipaddress1 + ' = New Data\n')
            urlobj = urllib.request.urlopen(url + ipaddress1 + "&timezone=false")
            data = urlobj.read()
            urlobj.close()
            dom = ET.XML(data)
            city = dom.findtext("City")
            country = dom.findtext("CountryName")
            region = dom.findtext("RegionName").replace("'", "")
            lat = dom.findtext("Latitude")
            longitude = dom.findtext("Longitude")
            if testing == 1:
                cursor.execute(
                    "INSERT INTO pfsenseparser (Month,Day,Time,Ip_Address,Port_Num,Lat,Longitude,City,Country_Name,Region,Num_Connect,Type) "
                    "VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, 1, 'firewall')",
                    (month1, day1, time1, ipaddress1, int2, lat, longitude, city, country, region))
                db.commit()
                output.write(month1 + "," + day1 + "," + time1 + "," + ipaddress1 + "," + int1 + "," + lat + "," +
                             longitude + "," + ipaddress2 + "," + int2 + " " + "\n")
            num_new_data = num_new_data + 1
        elif timecheck != time1 and daycheck != day1 and reservedip == -1:
            # This is an existing IP Address but not a duplicate: bump its connection count
            cursor.execute("SELECT Num_Connect FROM pfsenseparser WHERE Ip_Address = %s", (ipaddress1,))
            data = cursor.fetchall()
            for row in data:
                num_new = int(row[0]) + 1
                if testing == 1:
                    cursor.execute("UPDATE pfsenseparser SET Num_Connect = %s WHERE Ip_Address = %s",
                                   (num_new, ipaddress1))
                    db.commit()
            num_exist_data = num_exist_data + 1

    now2 = datetime.datetime.now()
    if testing == 1:
        # send me a text
        os.system("echo 'parser.sh just ran with " + str(num_new_data) + " new entries and " +
                  str(num_exist_data) + " existing entries' | mailx youremailhere")
        # insert timestamp and new entries into database
        if num_new_data != 0:
            cursor.execute("INSERT INTO pf_meta (Last_Run,New_Data) VALUES (NOW(),'Y')")
        else:
            cursor.execute("INSERT INTO pf_meta (Last_Run,New_Data) VALUES (NOW(),'N')")
        db.commit()
        # write to error.log
        error_output.write('Ended at: ' + now2.strftime("%Y-%m-%d %H:%M") + ' with ' + str(num_new_data) +
                           ' new entries and ' + str(num_exist_data) + ' existing entries\n')
    else:
        os.system("echo 'Just Testing' | mailx youremailhere")

    db.close()
    log_input.close()
    error_output.close()
    output.close()

    Like I said this is very rough. I have a MySQL database set up with the correct tables. My end goal was to view the data in a web browser and in Google Maps. This is why I used the ipinfodb.com lat/long lookup. If I find time I will post a more comprehensive how-to on my blog. Link to follow… Link to more info: http://blog.poultonfam.com/brad/2011/04/18/custom-pfsense-firewall-log-analyzer/
  • Enable/Disable firewall rules using shell

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    E
    Great! That's what I need! Thanks
  • Firewall - add a lot of rules

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    Hi Skart, can you explain how you fixed it? It could be helpful for the other members on the board. …Actually I'm pretty interested in your version of the solution ;-) -m4rcu5
  • Firewall to defend DDOS Attack

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    M
    Hi rwhawkes, what I use to block the crap out is the rate limiter on the rules. Why on earth would someone make 100 conns/s if he is just browsing on port 80? That usually blocks the big offenders. If you have something like slowloris going on then Snort might be of help. Snort also does a nice job blocking any known malicious networks. Hope this helps a bit in blocking your attacks. -m4rcu5
  • Unblocking IPs from the Command Line

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    Not at this time, not easily anyhow. If it's in a rule or alias, you could hand edit the config (using viconfig) and then run /etc/rc.filter_configure. If it's in a table that is dynamic, like snort or the ssh lockout, you can clear it on the command line with pfctl like so:

        pfctl -t sshlockout -T flush

    That would clear all entries in the sshlockout table.
  • MOVED: VPN unreliable?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Where are the ftp helper options within 2.0-RC1?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    R
    All you can do is enable or disable it. Search for: debug.pfftpproxy. Roy…
  • Bypass firewall for lan to wan to lan

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    Cry HavokC
    Hardware update clients are notorious for being problematic - it all depends on how much effort the manufacturer put into making them work correctly and how they find out the WAN IP. One solution I've found to work reliably is to replace the firmware with the likes of DD-WRT, which has a well behaved update client built into it. Obviously that only works if your router is supported by DD-WRT.
  • Checkpoint VPN has troubles when going through a pfsense gateway

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 0.0.0.0:68 all over my logs

    Locked
    10
    0 Votes
    10 Posts
    15k Views
    E
    @driek: Could you tell me what your firewall rule looks like? My logs contain a lot of these and I think I need to let them pass for my IPTV to work, but I can't figure it out. If you're seeing them in your logs, then they're not being passed, so if your IPTV is working, it doesn't need them. They're usually just "chatter" you get being on a cable modem. It's a fairly straightforward rule to block them, without logging. Cheers.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.