@hescominsoon put them in separate aliases/rules: https://forum.netgate.com/topic/196927/filterdns-has-stopped-resolving-hostnames-in-firewall-aliases/26

Hello.... me again. I though I was home safe.... [image: 1764629345167-main.png] I though the BIOS version was 6.xxx but it shows 4.6.5.4 .This is afther the flash of the BIOS. [image: 1764629451851-advhealth.png] How you can see the CPU temp is a little to high, is it possible that i canchage something in the BIOS, if so... where? couldn't find anywhere to change fan speed. [image: 1764629627475-advance.png] there are a few more option at the bottom but couldn't get it.... is there a location i should look harder? I went through it a few times, couldn't find anything related to change the speed of the fans... I apologize making more questions, i though it was all good.... Hope there is something i can do about this temp issue. thanks to all

What 'install servers'? What are you seeing where?

@Grant204 said in ISO image for pfSense v2.8.1: Which recently they appear to never be. They're up at the moment.

@kprovost Well I'll be damned. You're right! (disclaimer: this is a system I don't manage myself. So I didn't even think to check this) But, alas... # freebsd-version -ku 16.0-CURRENT 15.0-CURRENT # uname -K 1600001 # uname -U 1500029 # uname -a FreeBSD r1.lan 16.0-CURRENT FreeBSD 16.0-CURRENT #34 plus-RELENG_25_11-n256497-084b5f7b7bcd: Tue Nov 18 17:24:40 UTC 2025 root@pfsense-build-release-aarch64-1.eng.atx.netgate.com:/var/jenkins/workspace/pfSense-Plus-snapshots-25_11-main/obj/armv7/JG6bvqZ0/var/jenkins/workspace/pfSense-Plus-snapshots-25_11-main/sources/FreeBSD-src-plus-RELENG_25_11/arm.armv7/sys/pfSense-3100 arm Now I've definitely got some questions for the admin who asked me for help on this one! sheesh...

Some certificates get broken for updates they also must be adapted from time to time to allow them to still work with squid. I have a specific set of update servers that is allowed all Microsoft based as I cache updates and reuse them

Unfortunately this issue is still present in 25.07.1-RELEASE I just added a 'new' IPSec P1, and upon saving there were 2 P2s already visible, that were used on a tunnel that was deleted at least a year ago.

@BiloxiGeek You can always run Wireshark on a compatible device, filtering the capture by "port 53". But this would not show any queries made via HTTPS (i.e., DoH). You could also include "or port 853" in your capture filter to show DoT traffic. But the queries themselves would be encrypted.

@w0w Wasn't enough for me on v8 though. I had to turn off HW Offload as well... And I have never set interfaces to VLAN aware before on any of my other Proxmox machines (including one with version 9). But this is the only one I have with i226's... and the only one where I run my NICs virtualized for the firewall...

@stephenw10 Thanks Stephen...

@tinfoilmatt Tes, both sites have WireGuard installed. It is used occasionaly by users being outside of the office.

@msurg After the error message > ld-elf.so.1: Shared object "libutil.so 10" not found, required by "pkg" > The following were the commands that fixed it. (I left out a few commands that themselves had error messages): pkg-static clean -ay certctl rehash pkg-static -d update -f pfSense-upgrade -c env IGNORE_OSVERSION=yes pkg-static update -f env IGNORE_OSVERSION=yes pkg-static install -fy pkg pfSense-repo pfSense-upgrade

Hmm, that's very generic. That function is used by numerous things. Was anything else logged at the time?

If you are accessing pfSense using the new gui via Nexus then removing the package would break access to the firewall which is obviously... undesirable! If you don't need to use it just don't enable it.

@stephenw10 Thank you. I will do it. If I run into any problem after that I will post it here.

It tries to check by running pfSense-upgrade -dc. That will show that error if it's already running.

@stephenw10 correct. That's the workaround I'm using right now.

For pfSense NVMe isn't going to make much difference; drive speed isn't that important. I guess it might give you access to more drive choice.

@avala what is it blocking - post rules on your opt1 interface, any floating rules you might have and actual log of what was blocked