@stephenw10 thanks for responding -- yup pfSense update solved this particular issue. Now I'm running into TLS/ cert issues on my dockerized graylog setup, which is probably outside the scope of this forum.

Would be nice to have a standard way to securely manage logs in Pfsense -- one that does not encourage people to send logs in the clear.

I know you can just run a local server and have some security with Rules, but would suggest to have a more formal secure integration with Graylog given how popular it seems to be with people here. Also for people that want to monitor more than one network with one Graylog instance

6.6 is active in 24 beta if anyone else wants to test it.

@bmeeks what's funny is the .11 version works perfectly for me on 23.05.01. I always thought it was my custom AppID stuff until you told me the real reason. I would love a new Netgate appliance that could utilize inline mode and get .SO rules. My wife won't let me until this one dies. I also can't get my 2100 to update to 23.09. But I secretly like ARM too

@bingo600 That is pretty slick!

Ydrfff @ Any FB stuff on a Fwall

I'd go for FreeRadius on another machine, and then set pfSense to use the external Freeradius

/Bingo

@oleg-blecher said in syslog-ng not starting:

Undefined symbol "g_ptr_array_find_with_equal_func"

if you have that error after the update it means that everything was not successful

try from console

pkg install --force glib-2.56.3_7,1

or backup your config and do a clean install of 2.4.5 and restore

that error it's due to a mismatch between lib and syslog-ng

@viktor_g said in Packages of Aliases (Port + IP's + company AC) for easy administrating:

@Sergei_Shablovsky said in Packages of Aliases (Port + IP's + company AC) for easy administrating:

have a lot of Apple iOS devices in company/home and need to quickly add rules to pfSence after You buy new appliance from Netgate;
company buy a software product that need to communicate with outside servers on a developer side;
company buy a new hardware (servers (like IBM IMM service, Dell/HP have similar) , email antivirus DPI inspector, etc...), that need to communicate with outside servers on a developer side;

Every appliance uses it own list of ports, that can be changed
It is better to check this information with the vendor

May be 5 or 7 years ago I was agree with You, because there are a huge bunch of SaaS services and the pool of IPs cannot able to be collected in reasonable timeslot.
BUT now in 2020 exist only 30-100 SaaS services that used by MOST OF USERS: Amazon AWS, Google ~Servises, Apple, 5 email services (Google, Yahoo, ...), and around 10 most-usable hardware vendors (Dlink, TPlink, Amazon devices, Google devices, ...)

Sorry, I need to repeat again:

The main question are the most users just need "push button and all working well" solution. Just look at this NetGate forum - more than 80% are about something described in official doc, or more than one time appear on forum. But same questions popup again and again, again and again, countless.
Even pinned on top of official pfBlockerNG part of this forum Bypassing DNSBL for specific IPs have words like CloudFlare. Rock... :)

And from point of view of ordinary users if something goes wrong, each user clime the "NetGate pfSense router" rather himself for not setup pfSense correctly. You may see on this forum even sysadmins of small organization are to lazy to correctly setup the pfBlockerNG-devel. This is reality of our life.

So at the bottom line are: if some solution exist on level "push button - and we do the rest" - more than 80% of users are happy with this. And buy more and more of pfSense devices, and recommend to others. NetGate are open source but not source of donation, this is "open source / business" balance.

And my proposition also about increase the power of this "open source / business" balance.

blocking using social networks (we all need that our stuff pay attention on work neither spent working hours on instagram, tinder, facebook, twitter...)

You can block it with the pfBlockerNG-devel / DNSBL Category

You can also find/add some specific DNSBL/IP lists there,
Most cloud providers have these lists,
check https://github.com/joetek/aws-ip-ranges-json
https://forum.netgate.com/topic/147716/stun-public-email-providers-and-some-feeds-from-secops
etc..

Thank You for source! Appreciate Your attention and time!

Would anyone have an idea as to what is going on? I'm kind of stumped at this point.

Hi jimp,
some good news here.

Your statement that "pkg can't reach the pfsense servers" pointed me to the right direction; I haven't understood it fully, but I found a way at least to unlock the pkg issue.

In my case, it was due to a double stack IPv4/IPv6 issue: to solve it, I had to temporaly disable the network interface linked to the GIF port; removing IPv6 name resolution plus removing the IPv6 default gateway and firewall rules to route IPv6 traffic didn't suffice.

I don't like to be so inaccurate in test results, but as IPv6 connectivity was actually working, defining this problem will require some more tests and I meant to find a quick workaround for everybody experiencing this kind of issue.

Let me know if this rings a bell.