Everything should be back to normal now for IPv6 connectivity, there was an upstream issue that's been resolved.

Hmm, OK. Not much to go on in that report unfortunately. If it does crash again comparing it would be useful. I'll see if anyone else sees anything I'm missing.

@HFADmin If it is no Site2Site-VPN then you don't need any gateways in the first place... If that is true but you want to monitor the connection then you could create dummy-gateways just to ping the remote ip-addresses.

@stephenw10 It's still showing a few simuleanteously, but every minute or so, not every other second like it was before.

You can always just reinstall 2.7.2 which will give you the new larger sized EFI partition and then upgrade again from there.

@Gertjan Thanks for your reply – that’s also my impression. The point is: I don’t really see any lists right now that are actually “maintained” in the sense of being actively cleaned up, checked for dead domains, categorized, etc. That’s why my main interest is more about the demand: Would curated lists really be a game changer for admins? Would they be more helpful than what’s available today, or are most people already using other alternatives? If so, which ones? And from your perspective, what would be your expectation towards “community lists”? (e.g. reliability, update frequency, categories, fewer false positives?)

You have to assign the OpenVPN client as a new interface so pfSense sees it as a WAN. It will then create a dynamic gateway for it you can use in a policy routing rule.

It was all CVE fixes in the PHP GUI part of the package. See the Redmine ticket here: https://redmine.pfsense.org/issues/16414.

@michaeljk said in Glasfaser mit APU2E4 - welcher Durchsatz möglich?: Fazit: Am 600/300 Anschluss erfüllt die APU2 noch ihren Zweck. Vermutlich wird dies am 1000/500 Anschluss nicht mehr der Fall sein, das prüfe ich dann nochmals bei einem zukünftigen Upgrade. Vor allem wenn die Box PPPoE selbst macht wird es da kritisch bei mehr als ca. halbem Gigabit. Auch wenn der neue Daemon potentiell weniger Overhead hat, ist die Lebenszeit aber langsam erreicht :) Für DSL tuts noch ;) aber schnellere Anschlüsse sollte man dann sich doch lieber in Richtung N150/vergleichbar oder höher orientieren. Cheers

@Gertjan As soon as I can I'll do the tests and update you.

Actually, docs are hosted here. This is now linked in the readme.

I have struggled with the log sizes getting too big and then the web pages refusing to list things on them (alerts/blocks pages show empty in UI). Clearing the logs manually instantly fixes the UI issue. I think the problem is the fact that logs can grow quite quickly and that relying on the log rotation can lead to a (very minimal) denial of service type event. I've thought about mucking with how often it rotates but as long as I'm not being legit DDOS'd it is just a nuisance. Suricata still clearly works. The firewall itself clearly works. The only real problem is UI issues when attempting to do a real investigation or troubleshoot. One can work around that manually. Of course somebody will simply say turn suricata off on the external interface. No. Occasionally good research happens there.

@jimp Ok , thanks)))

@pfGeorge So what? What should I do or not do? Update something somewhere or just wait?

Thanks for following up. Good result!

The driver firmware loading issue is not fixed in 2.8.1. It's still broken upstream AFAIK. You will still need to apply one of the workarounds.