@ozbob:

After updating to pfsense 2.3.3 lost squid ntlm integration I installed with a samba script

Shit like installing Samba on the firewall is NOT supported.

::) ::) ::)

What kind of states are there? On wan or lan side? Having a acl or not should have no effect to the number of states.. Are you using transparent-Client-Ip on the backend?

To get rid of states you could possibly make some stateless floating rules, then pfsense wont track states anymore. Make sure to allow both ways and all types of flags..

False positives need to be reported to signatures maintainer, not here

When I try to request a certificate, I get an error.
The manual call of the URL supplies a service unavailable.

http://aaa.bbb.com/.well-known/acme-challenge/key [123.123.123.123]: 503

I think the ACME-Backend works not as expected.
How can I configure the firewall/HAProxy to listen on port 8080 for serving the files ACME wants to see?

You may look at the package Service Watchdog also for restarting stopped services.

If you are using this broken thing, then kindly fix the permissions are noted in the readme.

Thanks for testing.

https://github.com/pfsense/FreeBSD-ports/pull/333

Scripts

https://sourceforge.net/projects/sgupdate/?source=typ_redirect

https://steelmon.wordpress.com/2010/12/09/setting-up-a-blacklist-proxy-with-automatic-updates-using-squid-and-squidguard/

Check the directories in some of these scripts to ensure they match your pfSense directories.

I like your sarcasm. However, I was hoping I could get some help from an experienced board member here. BSD people are usually friendly and helpful (unless you mention Linux or Microsoft to them). I know a few.

Hi there,

I guess my solution is not working anymore, because basically the content of the file changed completely. I will look if can post a new solution here.

cu.

Hi!

In frontend under advanced config add this to Advanced pass thru:

redirect scheme https if { hdr(Host) -i host.domain.com } !{ ssl_fc }

That should do it…

Too bad that every time I find some time to spare to work on providing more logging options (the thing described here is pretty much a non-issue), it ends up like this:

http://wiki.squid-cache.org/

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@squid-cache.org to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.

The Squid bugzilla has been giving me a database error for ~2 weeks without anyone there giving a damn.

Yeah, looks like that. There are bugs in the SquidGuard code rotting for years (see https://redmine.pfsense.org/projects/pfsense-packages/issues) – simply because noone can keep reading the code for more than a couple of minutes before developing a severe headache. The changes suggested here are a blatant waste of resources for most users, and adding options to the mess is not viable.