@rcktboy:

Does anyone have tips on how to easily block domains without a proxy on both LAN and OPT1?

Well, the two easiest ways that come to mind would be to

use the DNS forwarder to point those two domains to 127.0.0.1 or block their IP ranges (using aliases makes it easier)

If you want to be thorough, you can use both ways.

Agreed…

Wow it took me longer to give this a try than what I thought. So, I was finally able to get this going. All I had to do was click on  "Insert my local MAC address" that did the trick. Everytime I kept talking to the ISP tech support, he couldnt see my pfsensebox. With the other ISP, he could always see my pfsense box..so once I clicked on  Insert my local MAC address it worked instantly..

Thanks for all the responses

When I applied the latest update today … after reboot the connection was UP.
Great.

Let's see what happens next time ;-)

Monitor IP is the same IP as the Gateway IP

Like I have shown, there seem to be a error in RTT data being displayed in the GUI

you can try to check log file and make a correct path for ntop

Can't reproduce that, it reinstalled my packages fine on alix on that snap. But the copying is fixed at least, so this thread is done.

Opened a bug against 2.1: http://redmine.pfsense.org/issues/2915 - this thread could be moved to the 2.1 forum, as I believe it is only a result of some new features in 2.1.

It needs some changes on the daemon so means development.
Not sure when i can get to do it?

Yay, that worked! :)

You were right. pbi_info showed two versions of the open-vm-tools package, the 64-bit I installed via the GUI, and the 32-bit one I have no idea where it came from.

I deleted the 32-bit one via pbi_delete and reinstalled the 64-bit from the GUI; all is well. Service is running, kernel modules are loaded, vSphere Client shows tools as running in the VM.

Thanks a bunch!

I've tried all I can find and can't get the command to work for showing the entrystats.
Open to suggestions.
Thanks

Thank's a lot! :)

Thanks for the quick replies!
Ya, figured it was a little out there.
I'll go with just adding another vNIC and dialing the 2nd pppoe with that.

Thanks again!
Loving pfSense, btw - moved here from OpenWRT x86 and haven't looked back!  Not that anything is wrong with OpenWRT - I'm running it on all my WAPs and it's awesome too, but pfSense just has waaay more going for it as an edge device.

Thank you, that fixed it. I don't know how it happened, I know I didn't make any changes to the proxy settings in that page. Anyhow thanks again.

By "quick" firewall rules. On a system with 1 LAN, 2 WAN and Allow IPv6 off:

/root(3): pfctl -srules | grep inet6 block drop in log quick inet6 all label "Block all IPv6" block drop out log quick inet6 all label "Block all IPv6" block drop in log inet6 all label "Default deny rule IPv6" block drop out log inet6 all label "Default deny rule IPv6" pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state pass quick inet6 proto ipv6-icmp all icmp6-type unreach keep state pass quick inet6 proto ipv6-icmp all icmp6-type toobig keep state pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state block drop quick inet6 proto tcp from any port = 0 to any block drop quick inet6 proto tcp from any to any port = 0 block drop quick inet6 proto udp from any port = 0 to any block drop quick inet6 proto udp from any to any port = 0 block drop in on vr1 inet6 from fe80::20d:b9ff:fe22:1fe9 to any block drop in on vr0 inet6 from fe80::20d:b9ff:fe22:1fe8 to any block drop in on vr2 inet6 from fe80::20d:b9ff:fe22:1fea to any pass in on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" pass out on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback" pass out inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"

The top 2 lines make sure that no IPv6 packets will be processed by the bunch of rules below (which are the normal default IPv6 rules) - blocks any IPv6 in and out on any interface.
Also, as of Mon Mar 25 15:43:22 EDT 2013 snapshot, the bogonsv6 table is not created when Allow IPv6 is off - there is no point having 72006 bogons-V6 table entries loaded when the whole of IPv6 is already blocked anyway.

Thanks for the information Will, I'll sit tight :)