• Forward traffic on same interface / VEPA bridging

    5
    0 Votes
    5 Posts
    1k Views
    @lars-lindstrom did you manage to figure this one out?
  • Floating rule move always on down alone

    4
    0 Votes
    4 Posts
    570 Views
    Hello both, Manu thanks for your reply. I have used the viragomann solution, it's easy to configure. Kind regards
  • Non-web based way to enable/disable rules or modify aliases?

    13
    0 Votes
    13 Posts
    3k Views
    plink is part of putty which you can find here; https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
  • Cant Access one specific website

    8
    0 Votes
    8 Posts
    1k Views
    @gertjan thank you for the TuT. I did, it's now working.
  • setting up firewall for remote desktop

    2
    0 Votes
    2 Posts
    417 Views
    johnpoz
    @thebonden https://www.netgate.com/resources/videos-configuring-openvpn-remote-access-in-pfsense-software
  • How to disable ipv6 logging.

    13
    0 Votes
    13 Posts
    10k Views
    This is very easy to do, and it's the same way I do it on our routers' ACLs. Disable logging of default rules. Create a new IPv4 deny all rule (keep it disabled) with logging enabled. Move it to the bottom and enable it. Now only IPv4 blocks get logged. I've also disabled all the pfblocker logging etc., so I only log denied IPv4 of my devices. Makes troubleshooting easier. Also, to "filter" out specific noise, create new specific deny rules above this bottom rule with logging disabled. I do this with, for example, tcp 137 (netbios) and other noise I don't care to log.
  • need help with firewall block rule for guest VLAN

    10
    0 Votes
    10 Posts
    792 Views
    johnpoz
    @wgstarks said in need help with firewall block rule for guest VLAN: I setup a pass rule for WAN but still no internet access. [image: 1644485776679-wannet.jpg] Wan net is just that, the specific network attached to your wan, let's say 1.2.3.0/24. If that is the network your isp or you assigned to your "wan net", that would not be, say, googledns at 8.8.8.8 or www.netgate.com or any other "internet" IP; it would just be your actual wan net. btw @Silence that little plus sign is to follow you, not give you a rep point via "liking" your post. [image: 1644485920066-like.jpg] And no, you cannot like something more than once ;)
  • How to log only packets of interest?

    5
    0 Votes
    5 Posts
    720 Views
    @kj32 said in How to log only packets of interest?: My brain: "The logging is coming from pf, the pf setup is handled under firewall, changing the logging should be under firewall". Yes, you can set the logging for each firewall rule independently. But the default deny rule does not show up there, hence you cannot edit its logging in this place, but consequently in the logging section.
  • A lot firewalling

    1
    0 Votes
    1 Posts
    295 Views
    No one has replied
  • Block Internal vLan from accessing Web UI

    firewall rules pfsense
    14
    0 Votes
    14 Posts
    2k Views
    johnpoz
    @unififcf said in Block Internal vLan from accessing Web UI: they said it is a TrueNAS Ah - yeah they do not have a "gui" to admin it, but you can for sure configure ipfw on it and manually set up the rules. Haven't played with that in a long time. But ipfw can be its own learning curve for sure - yeah best to move that to a different vlan than all your users and just use pfsense.
  • Help With DNS Proxy Rule

    3
    0 Votes
    3 Posts
    550 Views
    House Of Cards
    @dma_pf It’s a laptop, and yes, Express VPN is installed. My curiosity is why is it flooding requests to its own DNS even when the VPN is disconnected? I turn the VPN on from the CLI when I want to activate it, but it’s constantly bombarding with requests when it’s off. Also, when I pass the traffic, it makes connections on, I believe, port 3000. If I remember correctly. And I traced the connection it makes back to some Google/Mozilla thing. mozgcp.net https://support.mozilla.org/en-US/questions/1352614 But all this happens even with the VPN connection turned off? If Mozilla and Google are constantly connected using my VPN, how is the VPN providing anonymity?
  • dmz does not connect with out ipv4 * * *

    3
    0 Votes
    3 Posts
    520 Views
    @viragomann Thank you, someday I may learn to read and understand what I read. Elmo
  • Can't access (login to) netflix

    1
    0 Votes
    1 Posts
    204 Views
    No one has replied
  • Default Deny rule blocking Broadcasts on the same network?

    6
    0 Votes
    6 Posts
    951 Views
    johnpoz
    @alan-t this would normally not be logged by the default deny rule because the default lan rule is any any from the lan net. If you have edited the lan rules to be specific and not allowing, then default deny would log this by default, yes. But even when you have rules to allow this traffic it wouldn't go anywhere because it has nowhere to go; it's a directed broadcast for that specific network. Just because pfsense can see it with a rule that allows it doesn't mean it will do anything with it. Adjust rules so it's allowed, or create a specific block rule that doesn't log it, or turn off your logging of the default deny.
  • How to use URL table (IPs) alias?

    6
    0 Votes
    6 Posts
    3k Views
    @kj32 said in How to use URL table (IPs) alias?: Well, looks like http://127.0.0.1 it will be. We will see how far I get down that path. Using http://127.0.0.1 works, in the sense that packets that match an address in a list of one of the URL tables are dropped. That's good. No prize will be given for ease of configuration, however. Setting up a configuration file for pf was much easier, and had the further advantage that I could explicitly control packet logging.
  • How switch promiscuous mode ON

    networking
    1
    0 Votes
    1 Posts
    425 Views
    No one has replied
  • Block printing in remote printer

    28
    0 Votes
    28 Posts
    2k Views
    @dma_pf Finally, I resolved it, after changing the NIC in Hyper-V. As I have two physical NICs, I use the first one for WAN, and the second one for LAN. So, after I stopped using any virtual card, all features are working properly, and I can print directly to any remote printer. Then, I just tried to switch the local NIC of my PC to look at the WAN of pfSense, and once again I was not able to print. Anyway, the problem has just been resolved, and I would like to thank you once again, dear @dma_pf
  • Static IP address not being routed

    nat static ip
    3
    0 Votes
    3 Posts
    919 Views
    @johnpoz Yup it was an issue with the box. Thanks!
  • The problem with Virtual IPs

    3
    0 Votes
    3 Posts
    483 Views
    Thanks for your reply. The prompt about ARP suggested an idea of which direction to look in for a solution. The problem is most likely related to a feature of the Cisco ASA, which is in the same subnet. At the moment, pfSense is being tested; after changing the network configuration, the Virtual IPs problems did not appear.
  • TCP:PA FA and FPA in logs

    14
    0 Votes
    14 Posts
    1k Views
    Derelict
    @johnpoz I am going to submit a redmine to put "inbound/outbound" in those rule labels.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.