• IPSEC perdendo conexão

    Portuguese pfsense ipsec firewall
    16
    0 Votes
    16 Posts
    3k Views
    DaddyGoD
    @alexandre-angeli said in IPSEC perdendo conexão: A IPSEC fica offline enquanto não usa, e comprovei o correto funcionamento, quando pingo ela "levanta" novamente. Hmmmm, mas: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/keep-alive.html
  • 0 Votes
    4 Posts
    1k Views
    bingo600B
    I just saw this https://forum.netgate.com/post/939135 Seems like you can enter a range /Bingo
  • 0 Votes
    26 Posts
    8k Views
    D
    @JeGr said in Multiple Gateways on same subnet: Why not simply reconfigure those routers Because some devices (not mine) directly connected to router 1 have in their routing table certain rules to redirect traffic through 10.1.0.4. Hence those routers need to be on the same subnet. These routers are shared by around 20 people, in 4 rooms on single floor. Hence I cannot change settings on those routers.
  • 0 Votes
    6 Posts
    2k Views
    DaddyGoD
    @dr_tech said in Possible to block certain websites using URL ?: Is such a provision available ? Yes, I thought pfBlockerNG would be a good solution. See the answer to your question at the attached link: https://forum.netgate.com/topic/138029/acl-s-support In particular, focus on the recommendation of @BBcan177 (maintainer and creator of pfBlockerNG)
  • 0 Votes
    1 Posts
    991 Views
    No one has replied
  • 0 Votes
    1 Posts
    510 Views
    No one has replied
  • 0 Votes
    9 Posts
    2k Views
    johnpozJ
    @ddbnj said in Cannot access beyond router via OpenVPN: 10.8.0.0 0.0.0.0 255.255.255.0 U 0 0 0 tun0 Yeah that would dick it up ;) Glad you got it sorted! Told you it wasn't pfsense ;) hehehehe The trick is getting the person to clearly see that themselves... Which is why the sniff proves to the user, hey pfsense is doing what its suppose to be doing... Have to look elsewhere..
  • 0 Votes
    13 Posts
    3k Views
    Sergei_ShablovskyS
    @viktor_g said in Packages of Aliases (Port + IP's + company AC) for easy administrating: @Sergei_Shablovsky said in Packages of Aliases (Port + IP's + company AC) for easy administrating: have a lot of Apple iOS devices in company/home and need to quickly add rules to pfSence after You buy new appliance from Netgate; company buy a software product that need to communicate with outside servers on a developer side; company buy a new hardware (servers (like IBM IMM service, Dell/HP have similar) , email antivirus DPI inspector, etc...), that need to communicate with outside servers on a developer side; Every appliance uses it own list of ports, that can be changed It is better to check this information with the vendor May be 5 or 7 years ago I was agree with You, because there are a huge bunch of SaaS services and the pool of IPs cannot able to be collected in reasonable timeslot. BUT now in 2020 exist only 30-100 SaaS services that used by MOST OF USERS: Amazon AWS, Google ~Servises, Apple, 5 email services (Google, Yahoo, ...), and around 10 most-usable hardware vendors (Dlink, TPlink, Amazon devices, Google devices, ...) Sorry, I need to repeat again: The main question are the most users just need "push button and all working well" solution. Just look at this NetGate forum - more than 80% are about something described in official doc, or more than one time appear on forum. But same questions popup again and again, again and again, countless. Even pinned on top of official pfBlockerNG part of this forum Bypassing DNSBL for specific IPs have words like CloudFlare. Rock... :) And from point of view of ordinary users if something goes wrong, each user clime the "NetGate pfSense router" rather himself for not setup pfSense correctly. You may see on this forum even sysadmins of small organization are to lazy to correctly setup the pfBlockerNG-devel. This is reality of our life. So at the bottom line are: if some solution exist on level "push button - and we do the rest" - more than 80% of users are happy with this. And buy more and more of pfSense devices, and recommend to others. NetGate are open source but not source of donation, this is "open source / business" balance. And my proposition also about increase the power of this "open source / business" balance. blocking using social networks (we all need that our stuff pay attention on work neither spent working hours on instagram, tinder, facebook, twitter...) You can block it with the pfBlockerNG-devel / DNSBL Category You can also find/add some specific DNSBL/IP lists there, Most cloud providers have these lists, check https://github.com/joetek/aws-ip-ranges-json https://forum.netgate.com/topic/147716/stun-public-email-providers-and-some-feeds-from-secops etc.. Thank You for source! Appreciate Your attention and time!
  • [Solved] Disable IP source routing

    Firewalling firewall routing firewall rules
    4
    0 Votes
    4 Posts
    1k Views
    GertjanG
    No need tu put it off, because The style of routing described on that link won't work since pfSense doesn't enable the options for multiple routing tables So, what isn't implemented can't be switched off - neither on.
  • 0 Votes
    1 Posts
    577 Views
    No one has replied
  • 1 Votes
    1 Posts
    587 Views
    No one has replied
  • 0 Votes
    6 Posts
    2k Views
    F
    @Gertjan shodan.io is a service that scans the internet for known exposure and for vulnerabilities i remember you are french, so I link you here a video in French on the subject https://youtu.be/SxjmOFBtsvk
  • I need to Create routes for my VLAN interface.

    Firewalling firewall
    7
    0 Votes
    7 Posts
    938 Views
    C
    I am also wondering about the same thing. If you found a fix then please do let me know. thanks in advance :)
  • 0 Votes
    8 Posts
    2k Views
    DerelictD
    Well it is up to the ISP device to provide reasonable support for a customer-owned firewall device while still providing the necessary IPTV, etc functionality.
  • pfctl Anchor based approach possible?

    Development firewall
    3
    0 Votes
    3 Posts
    375 Views
    F
    When I run an iperf UDP Test that involves pfsense as router and a filter reload is done there is packet loss while the filter is reloading. This is especially annoying if an IPv6 Gateway goes down, the filter is reloaded and this affects the IPv4 Link aswell. If pfsense could selectively reload ipv6 only if an IPv6 Gateway goes down that would make things a lot easier. This was not meant to be a "problem post" but rather a "couldn't we improve by splitting ipv4 and ipv6 rules in 2 anchors" though. My first idea was something that could be done in iptables but not pf: Have a list of rules we want and one with rules we have and issue the commands to make them match. The closest we could get to that is probably splitting up, comparing when we want to reload and only reload if last != current.
  • 0 Votes
    1 Posts
    620 Views
    No one has replied
  • 0 Votes
    2 Posts
    794 Views
    RicoR
    Post your Rules (Screenshots). -Rico
  • 0 Votes
    8 Posts
    1k Views
    G
    @NogBadTheBad Hi, Sorry i should have mentioned, yeah my PC is on the 10.0.4.X network (just as a test PC) , the aim here was to loose connectivity to the GUI from my PC, then i have another one on the 10.0.7.X range that "should" get access to the GUI. After thinking about this last night I think I have sussed it out, we are going through a Proxy and this is the IP Address that accesses the Management GUI, hopefully I should be able to add some rules in our other proxy to avoid this Firewall bypassing it. Ill let you know if i have any more issues or if i need more help with this. Thanks for your help!
  • Understanding Firewall Configuration

    Firewalling rules firewall interfaces
    1
    0 Votes
    1 Posts
    533 Views
    No one has replied
  • 0 Votes
    9 Posts
    2k Views
    johnpozJ
    NP - glad you got it sorted..