DISABLE  FTP Helper on ALL interfaces Interfaces -> Lan/Wan - > FTP Helper [CHECK]  Disable the userland FTP-Proxy application

I have done.. but I didn't find the answer to my problems.  :-\ I will continue.

http://forum.pfsense.org/index.php/topic,17782.0.html

Is there anybody?  :'(

Block simply discards the packet and returns no response to the source. It will cause a connection timeout on the client. Reject sends a TCP RST to the source, which will generate a 'connection refused' message and immediately close the connection on the client. It's generally better to use block rules on the WAN side; it will make scans take longer and removes a couple of DoS opportunities. Reject does make sense in some cases though, especially on the LAN side, where you want a quick failure, for example to block outgoing SMTP that doesn't go through your relay.

http://forum.pfsense.org/index.php/topic,16724.0.html or http://forum.pfsense.org/index.php/topic,2048.0.html

What do you want to do? How many vlan's do you want to use? How many interfaces has your pfSense box?

I could be off topic here, but you may want to check under "NAT" if you are using NAT on a single WAN interface, then you would have to set up NAT for both your LAN and OPT1 interface to have both connect to the internet. If you don't set up NAT for each interface, then you won't have OPT1 connect to the internet even with a firewall rule (which you should also set up).

Hey I did verify successfully that the access rules to LAN were created with the Captive Portal, so I will go digging around in there to see if there are any settings that I could find that would allow this to happen. I will post my configs when I have a chance if I cannot find a solution. Thanks.

That is interesting topic. First of all we have to be sure that  settings from GUI go correctly to pf rules. I'll try to reproduce it.

The link, I'll give you latter, but the tutorial is in Indonesian language, so I don't think that you want to see it…  ;D Yes, I am using some application that need UDP, but I've made the rule for it. But what about the other UDP port? It's danger if we pass all UDP port (any)?

In short: no. The idea of a LAN is that each machine can communicate directly with any other on the local network, without contacting a router. pfSense can't even see that local traffic (because you have a switch), let alone control it. There are some messy workarounds to this, but it's not worth the effort or confusion. The solution is that you need to create a separate LAN for each PC. To do this reasonably, you need to either have a separate interface for each PC, or use a VLAN-capable switch to accomplish the segregation. Then all traffic must flow through pfSense to reach the other LANs and you will have full control. You should, however, be able to control access to the pfSense WebUI or any other service running on pfSense, however you need to disable the 'anti lockout' rule in Advanced Settings.

well i guess i do quick dirty trick with load and balance trunck that has 0 Kbps speed that will cut the web access for the port but no explanation screen :(

thx, i am using pf 2 analyze my traffic… I have fight width my isp. My p2p drop suddenly this from 400 to below 50KB/s. Ul is fine. I changed everything except adsl modem and splitter but i do not believe that is problem because everything except p2p works ok. Some plugins for Vuze mention to many tcp rst. What I see definitly that I have many tcp connections on time wait and little true connections on my side.

under firewall rules for the wireless users add a rule of allow all, create new rule change protocol to any and that should do it if not change source to wireless subnet. for the email server you may have to add a static route to it.

No load balancing. VoIP goes out on wan and all other traffic out to wan2.

a lot of thanks thanks for relation.