Many thanks for the responses, this has helped me a lot. The Squid files - mainly the cache state was the primary issue.  These remained post uninstall of the package.  I think there might have been uninstall options to keep the cache etc ? I checked the Suricate logs and I think that at some point, the log trimming was not working correctly - even though theoretically the GUI showed trimming enabled.  I re-applied the settings and the logs for Suricate appear to be trimming properly now. Really appreciate the great help of forum members.

try to delete the cache and history then make sure you accept the unknown certificate also what version of chrome do you  have? Recently chrome been having issues especially with Hikvision addon

Hi all. I'm struggling with this. When I add the two lines I end up seeing the error Parse error: syntax error, unexpected 'else' (T_ELSE) in /etc/inc/unbound.inc on line 257 When I visit services->DNS Resolver. At this point the resolver will not start and I have to use the forwarder.  This is on the serial I386 2.2.2 install.

I already linked the bug. Do a clean install and move on. Really a no brainer with VMs.

"How do I fix this so DNS Resolver works and uses OpenDNS for name resolution?" Simple troubleshooting.  So can your client behind pfsense query opendns?  Can your clients behind pfsense query the roots?  Or any other name servers? What do you have the resolver listing on?  Are you really using the resolver or do you have it in forwarding mode?  Can pfsense?

Why don't you just look at the permissions of the current ones? E.g. $ ls -l /usr/local/www/themes/pfsense_ng_fs/ total 150 -rw-r--r--  1 root  wheel  29014 May  5 04:22 all.css -rw-r--r--  1 root  wheel  28792 Aug 25  2014 all.css.orig -rwxr-xr-x  1 root  wheel  4068 May  5 04:22 apple-touch-icon.png -rw-r--r--  1 root  wheel    349 May  5 04:22 bottom-loader.js -rw-r--r--  1 root  wheel  1406 May  5 04:22 favicon.ico -rw-r--r--  1 root  wheel  1218 May  5 04:22 graphlink.css drwxr-xr-x  5 root  wheel  1024 May  5 13:19 images drwxr-xr-x  4 root  wheel    512 May  5 13:19 javascript drwxr-xr-x  2 root  wheel    512 May  5 13:19 jsevents -rw-r--r--  1 root  wheel  9478 May  5 04:22 loader.js -rw-r--r--  1 root  wheel  21297 May  5 04:22 login.css -rw-r--r--  1 root  wheel  6856 May  5 04:22 menu.inc -rw-r--r--  1 root  wheel  3726 May  5 04:22 new_tab_menu.css -rw-r--r--  1 root  wheel    10 May  5 04:22 no_big_logo -rw-r--r--  1 root  wheel  3962 May  5 04:22 rrdcolors.inc.php drwxr-xr-x  2 root  wheel    512 May  5 13:19 styles -rw-r--r--  1 root  wheel  21003 May  5 04:22 wizard.css

use pfblockerNG or use the firewall to block all https sites and let squidGuard block http use http://www.tcpiputils.com/browse/as/32934 copy all the facebook IP CIDR ex:31.13.71.0/24

@Escorpiom: What you want is a transparent bridge. You can't route in the scenario you described. You would have to configure two different subnets. If PfSense can work as a transparent bridge, then you may be able to use some of the functions it offers. Cheers. ok, that makes sense.  i just wanted to make sure there wasn't an easier way of doing it.  thanks for the reply.

You can't change that without editing the error page.  Read this post if you want to know about creating your own custom error page for squidGuard.

@doktornotor: Did the box reboot at all after upgrade? https://redmine.pfsense.org/issues/4653 i could have sworn it rebooted after the upgrade, guess it didnt! i'm a noob. Thanks for the help, its much appreciated!

Sorry Guys I'm having a real problem understanding why the rule for OPT2 is wrong and causing the inbound speed issue (especially as the active rule in my previous post is one created by PFSense itself). I have tried source: * and destination: * as shown in the above attachment but that doesn't help with the speed either. Can you explain? or even suggest what the firewall rule for this simple test should be? (Note: with no rules for OPT2 the iperf test obviously fails as all traffic defaults to blocked). As requested attached is a diagram. I'm testing on the OPT2/igb2 interfaces on both boxes as a simple case but the same speed issue is present on the LAN and FAILOVER interfaces (not tested the WAN side but I'd be amazed if that didn't have the same issue). Also as requested here's the interface config from the PFSense booted box: igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:30         inet6 fe80::ec4:7aff:fe32:5c30%igb0 prefixlen 64 scopeid 0x1         inet 192.168.1.247 netmask 0xffffff00 broadcast 192.168.1.255         inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255 vhid 2         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active         carp: MASTER vhid 2 advbase 1 advskew 0 igb1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:31         inet6 fe80::ec4:7aff:fe32:5c31%igb1 prefixlen 64 scopeid 0x2         inet 10.10.1.1 netmask 0xffffff00 broadcast 10.10.1.255         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect         status: no carrier igb2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:32         inet6 fe80::ec4:7aff:fe32:5c32%igb2 prefixlen 64 scopeid 0x3         inet 10.9.8.1 netmask 0xffffff00 broadcast 10.9.8.255         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active igb3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:33         inet6 fe80::ec4:7aff:fe32:5c33%igb3 prefixlen 64 scopeid 0x4         inet X.X.X.106 netmask 0xffffffe0 broadcast X.X.X.127         inet X.X.X.108 netmask 0xffffffe0 broadcast X.X.X.127 vhid 1         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active         carp: MASTER vhid 1 advbase 1 advskew 0 pflog0: flags=100 <promisc>metric 0 mtu 33144 pfsync0: flags=41 <up,running>metric 0 mtu 1500         pfsync: syncdev: igb1 syncpeer: 10.10.1.2 maxupd: 128 defer: on         syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384         options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000         inet6 ::1 prefixlen 128         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7         nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536         nd6 options=21 <performnud,auto_linklocal>ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500         options=80000 <linkstate>inet6 fe80::ec4:7aff:fe32:5c30%ovpns2 prefixlen 64 scopeid 0x9         inet 10.0.8.1 --> 10.0.8.2 netmask 0xffffffff         nd6 options=21 <performnud,auto_linklocal>Opened by PID 85860</performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></up,running></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast>  

@deltix: If your modem is one of those USB 3g/4g/ modems I would recommend to use it directly with PfSense if possible/compatible. PfSense can do everything you need without Tomato router. If your USB modem is not supported by pFsense try putting Tomato router in bridge mode. If that is not possible you might have to do double NAT. But you really want PfSense to handle everything. Nah, it's an external 4g wireless receiver that is up on a 30' tall antenna and connects to my router's WAN port via ethernet cable.

Yes.