Isn't there a simpler method? I'd need a bit of coaching to complete this endeavour

@kirmou: Thanks! We upgraded last friday to 1.2.2 and the CPU load in Site1 seems to be lower now. No problems so far. I'll report… Kirmo Uusitalo The problems still exist in site1. Hangs / reboots every now and then. We switched on "Use device polling" setting in Advanced settings. I'll report… Kirmo Uusitalo

louis-m has a point. It depends on how far you want to go. If you really have a lot of programs accessing the Internet through many different ports then you would have to set those up to explicitly allow outbound traffic only on those ports. It all depends on what you consider more important.

Ok, it's IMspector which blocks my msn connexion… but how? with the previous setup, imspector was running fine... now as soon as i activate it, impossible to login to msn, neither to log the conversations on msn... is the package still working? How do i reset totally the Imspector config?

Well if there are any rules below it that would allow it out, then they would apply first. (Like the default LAN allow rule.) A quick way to test would be to put a block right beneath it with the same source IP and turn on logging to see if it is blocking. p.s. if you are limiting the clients to the same number of connections, one rule would cover that. simultaneous client connection is per source IP. So a rule with a 50 simultaneous limit from any source would allow 50 connections from each client.

RST packets have no payload and hence no port. I am far from an expert but based on my reading of the Snort documentation Snort is able to detect the RST flag and alert, you may be able to configure a combined rule in Snort to achieve your goals. I don't know enough yet to tell anyone how to do it though …. but I am working on it. You may want to check out page 129 of the Snort user guide. http://www.snort.org/assets/82/snort_manual.pdf My guess is that you could let Snort deal with the RST packets and let pFSense handle the rest, I can't think of a valid reason to accept an RST incoming anyway.

What is it really you wanna do to the Rules? jigp Davao City

Is it okay now ? jigp Davao City

Hows it working mabbus? Be sure your NAT is doing okay. Also try restarting firewall. jigp Davao City

http://forum.pfsense.org/index.php/topic,15689.0.html

thanks