@kprovost you've been kind enough to review, test and merge the PR. Maybe you could help me do a similar kind of build as you did?

@mOrbo O.k. i see. Under such circumstances i would also stay on the internal DNS. Well just give it a try with @BBcan177 said in PFBlockerNG Python-Mode - Source-IP in Reports: For Python mode, when you use an internal dns server, you can either null block or check the option "DNSBL Event Logging", which will provide a workaround for this issue. So as far i remember, it did not work with Python mode and DNSBL Null block (logging). But i surely did not test it with checking "DNSBL Event Logging" and DNSBL Webserver / VIP.

@nasheayahu where is this CA from? You can for sure create your own CA, and sign certs for any domain and use those certs anywhere. And as long as you add this CA to your browser, or other device to trust certs its signed then you can create a cert for any host.domain.tld, even can put in rfc1918 IP addresses as SAN, so your browser can access via name or even IP and trust the cert. I am pretty sure have gone over how to do that many times over the years - here is an old post where I went over it https://forum.netgate.com/post/831783 I use certs signed by my local CA for lots of things, printer web gui, switches web gui, nas gui, yes my pfsense web gui, etc. etc.

@RKiFkRyCevGvpLeXMove said in Firewall blocks explicitly allowed traffic: pfSense has added IPv6 versions of the aliased IPv4 IPs, even though IPv6 is disabled in pfSense. having pfsense not talk ipv6 doesn't stop dns from resolving a fqdn to a IPv6 address (AAAA). If you create an alias that says resolve dns.whatever.tld and it has A and AAAA (ipv6) records then that is what it will resolve. Resolving something to IPv6 doesn't mean you can talk to it on IPv6 if rules do not allow it.

I have to agree with you! My upgrade went smooth and nothing needed to be restarted, upgraded or anything else! I did upgrade a 4200, but at least it went smoothly. I will run another backup since it is upgraded.

My patch https://github.com/pfsense/FreeBSD-src/pull/57 fixing above redmine ticket (by enabling corresponding driver in kernel config) was merged last month and will be a part of 2.9.0, whenever that comes out.

@syhm Thanks, although I did try that and unfortunately no dice.

-------- Action: Block Interface: WAN Address Family: IPv6 Protocol: Any Source: Network f000::/4 Destination: Any Description: Block internal IPv6 (f000::/4) from leaving via WAN -------- Just letting people know i made a little mistake here while writing the tutorial it's actually: -------- Action: Block Interface: WAN Address Family: IPv6 Protocol: Any Source: Any Destination: Network f000::/4 Description: Block internal IPv6 (f000::/4) from leaving via WAN --------

The same thing hit me when upgrading to 25.07.1 this morning. I moved libc++.so.1 to /root and squid started normally. When I was experiencing the issue it looked like this in my system log: /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'nat' rules. /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'pfearly' rules. /rc.filter_configure_sync: [squid] Installed but not started. Not installing 'filter' rules. sshd[12272]: error: connect_to [interface_to_listen_on] port 3128: failed. Squid_Alarm[34120]: Squid has exited. Reconfiguring filter. Squid_Alarm[35230]: Attempting restart... The sshd error is from my ssh connection where I tunnel my websurfing to my home router. Since squid wasn't listening on the specified port sshd could not make the connection. All well now.

said in Now Available: pfSense Plus 25.07.1-RELEASE: Coincidence? Yes, indeed.

ZFS is also a lot more resilient to filesystem issues than UFS. So if you see frequent power outages it's a much better choice. But, yes, it does write more to the drive. Though the default values in 25.07 reduce that significantly. You can mitigate it almost entirely by running RAM disks too.

Yup so check the routing and arp table on a client when it's unable to browse.