I can't see how I could do this exactly with alias. aliases are just bunches of Host/Network/Ports which can be used in rules. I agree that it helps to lower the burden. But if a completly new rule (new dest ip/port) must be setup I have to define (in fact you can copy) this rule on each other interface (using aliases to lower the burden for changes to the rule). Or if a new customer/interface will be setup, I have to copy all rules over to this new interface. I was just wondering if there is a smarter way for such a setup. I can live with the 'alias workaround' Or am I missing something?

what's the default time out value? Is the one we can set up at each firewall rule?

I have my switch configured to use both vlans 3 tagged and vlan 1 untagged on the same interface. Can pfsense not handle that? Woudl i have to use both of them as tagged for pfsense?

pass      TCP/UDP      LAN net        110 (POP3)      WAN address    110 (POP3)      * pass      TCP/UDP      LAN net        *    *    110 (POP3)      *

Block their networks in firewall rules. It might be hard to determine what all their networks are though.

hi! try running snort in lowmem mode. there seems to be troubles with the other modes. regards cc

@modis: pfff my router have same problem Please don't hijack threads. If your firewall rules aren't working the way you want them to, you have them misconfigured. You need to start a new thread and describe your problem.

I say resets… The modem loses connection and all the lights go out.. Then it trys to reestablish connection and that can take anywhere from 20 seconds to what ever.... most of the glitches that caused the problem the modem usually is just down for about 20-60 seconds.  I had to wait until I knew it happened again.  I was playing online last night and the modem dropped me off the net.  I did not reboot the router. So first thing this morning I tried to connect and I had no problems... I didn't have the latest patches/firmware.. whatever it is called.. so perhaps that was my problem.  If it doesn't fix it ..  I guess I will post another message.. thanks for the suggestions  that will be the first thing I look at if it happens again. Naelr

i have a friend and it`s using pfsense too.He has same problem after he made the upgrade.

Please test a new snapshot and report back, this should be resolved now. http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/

I'm not aware of anything that describes what you're after. In a nutshell - firewall rules affect what can go where, except in cases where the traffic is redirected to a local daemon, because the traffic is then sourced from the firewall itself and your rules do not apply in that case. I'd like to see an additional tab in the firewall rules page for traffic from localhost to other destinations, which would remove this limitation. Maybe something we'll see in a future release.

I did it. Burnt the CD with Imgburn, and after setting the harddisk on LBA in the BIOS the installation was succesfull. Thanks for the help, GruensFroeschli!

Thanks a lot for your excellent answer. In fact I thought "WAN Address" was similar to everything on the other side of the WAN interface like on the SonicWall firewall I was administrating before. Your description is very clear and I think the NOT LAN is an excellent idea in my situation. Your extra comment on the rule processing was very instructive as well. I am certain to reach my objectives now. Regards, Chris

Without some details of what you did and what is not working, error messages, etc. this sounds like crazy talk. If the OS got toasted during an upgrade, try re-loading and restoring your config.

hi again lowering the MTU didn't help also. the strange thing is i can log on using copete on linux easely. but when it comes to crapy windows, all clients starts complaining.

Seeing as how source ports are generally random, you probably only want to be filtering on destination port.