Your OP said "going up and down".  What is the pfsense sending back?  Unless you are running some kind of open service they can access, they should not be using anything like 2mb/sec.

because specifying "wan address" means: "filter if the destination is the WAN address".  in this case, the wan address is the gateway, not the destination.  nothing strange about this.

That would fit in with this question too.

Possibly, but if it all goes wrong and you break your box you're on your own.

You can refer here: http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy

Please refer to this link: http://doc.pfsense.org/index.php/Setup_Squid_as_a_Transparent_Proxy

Blocking typical traffic in and out that I would do for a pbx in America. just use a strict firewall policy. do not put a permit any to any rule in there. only permit what is needed. are you hosting a website or any other services? Using Snort to try and determine possible intrusions. there is a package in pfsense for this. install it and take a look. Using very complicated passwords on all AP's (including hidden SSID, password with random spaces in it, non-sensical SSID if discovered, and MAC filtering)as well as non-descript computer names, network drives, etc, hidden SSID's and mac filtering isn't going to buy you much if any at all. security by obscurity is a very bad practice. ssid's can still be sniffed and mac filtering is easily spoofed. what you need to be sure is that your using the strongest encryption available. you need WPA2 with AES. anything less is vulnerable.

i read this topic http://taosecurity.blogspot.com/2005/07/distributed-traffic-collection-with-pf.html but i didnt get results…

hello, thank for your reply… no, i havent allowed 53 on the initial alias, but i did so upon reading ur reply.. but still NO GO... is there any other port that needs to be opened? thanks again :) isonski UPDATE: i altered the alias and defined first port 53 (DNS) before port 80 (HTTP) and otehr ports... not it works :D thanks a lot blak :)

I'm guessing maybe it is a retransmitted FIN segment.  Since the original FIN got through, the connection has been removed from the state table, so seeing a FIN segment is illegal and pfsense drops it (this is just a guess, mind you.)

yeah, i've figured out that it's the "pfctl" command that sucks up all the cpu.

In what way do you perform switching? Usually it is automatic process if you use loadbalancer in failover mode.

@smbsmb god am i happy i don't work for you.

Just unplug the rj45 and your done.

Thanks jjj - i dont see any intruders /var/log/filter.log :) I noticed that i disabled the firewall default rule :) you should try to disable too maybe it can help :) jigp

Wow… a reboot made it all better. Can someone explain why that was? Even when there were no states it was still allowed.....?

Best approach is to add a separate network for these visitors and lock that down.