  • Security IN the People's Republic

    Locked · 0 Votes · 2 Posts · 1k Views
    Blocking typical traffic in and out that I would do for a PBX in America: just use a strict firewall policy. Do not put a permit any-to-any rule in there; only permit what is needed. Are you hosting a website or any other services? Using Snort to try and determine possible intrusions: there is a package in pfSense for this. Install it and take a look. Using very complicated passwords on all APs (including hidden SSID, password with random spaces in it, non-sensical SSID if discovered, and MAC filtering) as well as non-descript computer names, network drives, etc.: hidden SSIDs and MAC filtering aren't going to buy you much, if anything at all. Security by obscurity is a very bad practice. SSIDs can still be sniffed and MAC filtering is easily spoofed. What you need to be sure of is that you're using the strongest encryption available. You need WPA2 with AES. Anything less is vulnerable.
  • Pf + dup-to = I can?

    Locked · 0 Votes · 2 Posts · 2k Views
    I read this topic http://taosecurity.blogspot.com/2005/07/distributed-traffic-collection-with-pf.html but I didn't get results…
  • How to release websites for specific IPs?

    Locked · 0 Votes · 1 Post · 904 Views
    No one has replied
  • Allow specific ports on LAN2

    Locked · 0 Votes · 3 Posts · 1k Views
    Hello, thanks for your reply… No, I hadn't allowed 53 on the initial alias, but I did so upon reading your reply... but still NO GO... Is there any other port that needs to be opened? Thanks again :) isonski UPDATE: I altered the alias and defined first port 53 (DNS) before port 80 (HTTP) and other ports... Now it works :D Thanks a lot blak :)
  • Firewall Blocking particular LAN request

    Locked · 0 Votes · 2 Posts · 1k Views
    I'm guessing maybe it is a retransmitted FIN segment. Since the original FIN got through, the connection has been removed from the state table, so seeing a FIN segment is illegal and pfSense drops it (this is just a guess, mind you).
  • Firewall Optimization Options

    Locked · 0 Votes · 7 Posts · 8k Views
    Yeah, I've figured out that it's the "pfctl" command that sucks up all the CPU.
  • Changing the gateway has no effect

    Locked · 0 Votes · 2 Posts · 1k Views
    In what way do you perform switching? Usually it is an automatic process if you use the load balancer in failover mode.
  • Blocking access to all unneeded sites - a firewall or Squidguard?

    Locked · 0 Votes · 6 Posts · 4k Views
    @smbsmb God am I happy I don't work for you.
  • Internet Access Blocking by IP Problem

    Locked · 0 Votes · 4 Posts · 2k Views
    Just unplug the RJ45 and you're done.
  • Block all of China!!??

    Locked · 0 Votes · 9 Posts · 6k Views
    Thanks jjj - I don't see any intruders in /var/log/filter.log :) I noticed that I disabled the firewall default rule :) You should try to disable it too; maybe it can help :) jigp
  • VLAN <-> Cisco 2900xl

    Locked · 0 Votes · 1 Post · 2k Views
    No one has replied
  • FTP and some weird things…

    Locked · 0 Votes · 1 Post · 1k Views
    No one has replied
  • Block DMZ network from accessing LAN - not working

    Locked · 0 Votes · 3 Posts · 1k Views
    Wow… a reboot made it all better. Can someone explain why that was? Even when there were no states it was still allowed...?
  • Specific Access based on MAC or other criteria?

    Locked · 0 Votes · 2 Posts · 1k Views
    Cry Havok
    Best approach is to add a separate network for these visitors and lock that down.
  • Default LAN Rule

    Locked · 0 Votes · 3 Posts · 3k Views
    kpa, thanks for your reply. Yes, the traffic is actually blocked by the pfSense router: I've tracked the packets using tcpdump, from the client to the pfSense to the web server (Zimbra mailserver) and back to the client through the pfSense router. This is where the packets are stopped. I have several applications (database and a Freecom file server) accessed by remote clients, and the connection to the Zimbra mailserver is the only one blocked on its way back. Thanks for your help.
  • DHCP on WAN Blocked?

    Locked · 0 Votes · 2 Posts · 2k Views
    Well, ripping everything apart, trying various PCI network cards, and putting it back together allowed me to determine that putting it back exactly how it was fixed my problem. Not sure exactly why (maybe just having the modem unplugged for a while) it is now fixed, but it is. What I was able to find out is that the Jetway case I bought to go with my Intel motherboard is a pain to work with, and I cannot get the PCI riser working reliably with the Atom motherboard (I can see the network card, but it isn't able to get any traffic flowing through it, and I get a bunch of watchdog errors). But that is a problem for another day ;)
  • Allow traffic from dynamic IP address

    Locked · 0 Votes · 4 Posts · 2k Views
    I find that using a VoIP phone over an IPsec VPN tunnel affects the call quality quite seriously. I guess it is the overhead of the encryption. I have the same problem with a couple of home workers. Will try out the alias hostname. Thanks
  • [howto] Getting native IPv6 to work.

    Locked · 0 Votes · 3 Posts · 2k Views
    I tried to change the number 64 into 24 but no luck.. Configure the interfaces: ifconfig $IFOUT inet6 alias 2001:4cb8:a95:1::2 prefixlen 64 changed to 24, ifconfig $IFIN inet6 alias 2001:4cb8:b95:1::1 prefixlen 64 changed to 24 …. I use "ipconfig" on Windows workstations but I don't see this kind of IPv6 IPs.. jigp 1.2.2
  • Maximum new connections / per second

    Locked · 0 Votes · 2 Posts · 2k Views
    Hi, can you tell me how to know who is brute-forcing the box, and also how to set a limit on connections on SSH? Thanks jigp 1.2.2
  • pfSense rewriting my LAN IPs

    Locked · 0 Votes · 2 Posts · 1k Views
    GruensFroeschli
    Firewall -> NAT -> Outbound: Enable manual outbound NAT rules. Delete the autocreated rule and nothing should be rewritten anymore. Make sure you have the correct static routes set on the upstream devices.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.