Re: [pfSense] malformed packets

2017-10-30 Thread Ryan Rodrigue

> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
> mad.scientist.at.la...@tutanota.com
> Sent: Monday, October 30, 2017 2:27 PM
> To: pfSense Support and Discussion Mailing List
> Subject: Re: [pfSense] malformed packets
> 
> thank you for your reply, i'll try your suggestions.  complete newbie to
> pfsense, but do know something about firewalls etc. and can basically
> use wireshark and understand it.  fortunately the problem has become
> much less severe.  Thank you.
> 
> mad.scientist.at.large (a good madscientist)
> --
> "The U.S. intelligence community concluded in a report made public in
> January that the Kremlin sought to disrupt the 2016 election and sway
> the race in Trump's favor."  From "thehill.com".  Only Trump and his
> duplicitous supporters try to say it was Clinton who conspired.  Frankly
> Trump is likely guilty of treason, the sooner he's impeached and indicted
> the better, along with ALL of his supporters in government.
> 
> 
> 30. Oct 2017 09:36 by st...@teamits.com:
> 
> 
> > I saw your question but didn't see an answer...  Have you considered
> > Suricata or Snort to see if they can detect and block off the traffic?
> >
> > --
> >
> > Steve Yates
> > ITS, Inc.
> >
> > -Original Message-
> > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
> > mad.scientist.at.la...@tutanota.com
> > Sent: Friday, October 20, 2017 7:24 PM
> > To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
> > Subject: [pfSense] malformed packets
> >
> > is there any way i can block malformed packets and drop them rather
> > than being used for a ddos attack?  this is related to LEGAL torrents,
> > i.e. copy left etc.  even running deluge there is a storm of malformed
> > packets with spoofed ip addrs, which then makes my machine send out
> > many, many malformed packets to people who didn't even send them.  Gee,
> > i thought doing a ddos on people was illegal, not that it matters in
> > most countries.
> > ___
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold


Can we avoid posting political statements to this list?  You can have whatever 
view you would like, but a router mailing list is hardly the place to post 
them.  Thank you. 

[pfSense] Squid in transparent mode and Squidguard external redirection

2017-10-30 Thread Roberto Carna
Dear, I'm using pfSense 2.4 with Squid in transparent mode, SSL
enabled / Splice All, and Squidguard as HTTP/HTTPS filter.

Everything is OK, except when I want web clients to be redirected to
an external Apache web server with an error page...they don't get any
error defined in the Apache server.

Is it possible to have a transparent proxy with external redirection ???

Thanks a lot!!!

Roberto


[pfSense] Error notifications from pfSense 2.4.1

2017-10-30 Thread David C. Jenner

I updated to pfSense 2.4.1 on my SG-2440 a couple of days ago.

I got the following notifications:


pf_busy

PF was wedged/busy and has been reset. @ 2017-10-29 07:25:52

Filter Reload

There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device 
busy - The line in question reads [0]: @ 2017-10-29 07:25:54



What does this mean?  I never had any such occurrences with 2.3.8.

Thanks,
Dave


Re: [pfSense] malformed packets

2017-10-30 Thread mad.scientist.at.large
thank you for your reply, i'll try your suggestions.  complete newbie to 
pfsense, but do know something about firewalls etc. and can basically use 
wireshark and understand it.  fortunately the problem has become much less 
severe.  Thank you.

mad.scientist.at.large (a good madscientist)
--
"The U.S. intelligence community concluded in a report made public in January 
that the Kremlin sought to disrupt the 2016 election and sway the race in 
Trump's favor."  From "thehill.com".  Only Trump and his duplicitous supporters 
try to say it was Clinton who conspired.  Frankly Trump is likely guilty of 
treason, the sooner he's impeached and indicted the better, along with ALL of 
his supporters in government.


30. Oct 2017 09:36 by st...@teamits.com:


> I saw your question but didn't see an answer...  Have you considered Suricata 
> or Snort to see if they can detect and block off the traffic?
>
> --
>
> Steve Yates
> ITS, Inc.
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of
> mad.scientist.at.la...@tutanota.com
> Sent: Friday, October 20, 2017 7:24 PM
> To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
> Subject: [pfSense] malformed packets
>
> is there any way i can block malformed packets and drop them rather than 
> being used for a ddos attack?  this is related to LEGAL torrents, i.e. copy 
> left etc.  even running deluge there is a storm of malformed packets with 
> spoofed ip addrs, which then makes my machine send out many, many malformed 
> packets to people who didn't even send them.  Gee, i thought doing a ddos on 
> people was illegal, not that it matters in most countries.

Re: [pfSense] malformed packets

2017-10-30 Thread Steve Yates
I saw your question but didn't see an answer...  Have you considered Suricata 
or Snort to see if they can detect and block off the traffic?

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of 
mad.scientist.at.la...@tutanota.com
Sent: Friday, October 20, 2017 7:24 PM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] malformed packets

is there any way i can block malformed packets and drop them rather than being 
used for a ddos attack?  this is related to LEGAL torrents, i.e. copy left etc. 
 even running deluge there is a storm of malformed packets with spoofed ip 
addrs, which then makes my machine send out many, many malformed packets to 
people who didn't even send them.  Gee, i thought doing a ddos on people was 
illegal, not that it matters in most countries.

Re: [pfSense] CARP Interface doese not sync

2017-10-30 Thread Steve Yates
A few thoughts...

When upgrading, pfSense recommends upgrading the backup router first.
For the states to sync, the interfaces have to have the same names, i.e. same 
NICs in both.

An XML sync error is usually seen when saving changes on the primary router and 
it tries to connect to the backup.  That's different than the interfaces not 
syncing state.  Ensure you're using the username "admin" to sync...even though 
there is a field for the username in the CARP sync settings, pfSense apparently 
uses a hardcoded "admin" instead and ignores the field.

Are you using Suricata or any other packages?

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel
Sent: Monday, October 30, 2017 7:33 AM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] CARP Interface doese not sync

Hi there,

I run 2 pfSense boxes which are connected directly on the Sync interface.

Pf1 Version is 2.4.1 and pf2 Version is 2.4.0

I created now CARP interfaces which are not synced to pf1 automatically. I get 
some XML errors (Syntax Error in XML)

Is there any way to start the Sync process manually to check logs or so?

Cheers

Daniel



Re: [pfSense] ASRock E3C236D2I+Pentium G4560 vs SM A1SRi-C2758F

2017-10-30 Thread Vick Khera
There are widespread reports of ASRock C2750D4I board failures in the
FreeNAS forums. I've suffered from it. Not sure if that applies to the
board you are considering.

There are also widespread reports of issues with the Supermicro board you
are considering. I have 4 of these in service for 3+ years with no issues.
I recently closed down one of my offices and have a spare pfSense branded
C2758 system if you're interested.

Personally, I'd go with the Supermicro solution. They easily handle Gigabit
WAN.


Re: [pfSense] Block Install/Update APPs [android / apple].

2017-10-30 Thread Kleber Carvalho
Hello,


  We already have the "blk_BL_updatesites" option Denied,
unfortunately it's not working for blocking apps.


Thanks.


On Mon, Oct 30, 2017 at 11:59 AM, Benjamin E. Nichols <
webmas...@squidblacklist.org> wrote:

> This isn't a direct solution to your problem, however, here is a list of
> apple domains that you may find useful if you are building a blacklist.
> http://whitelists.squidblacklist.org/apple.domains
>
> I  believe there is significant demand to justify spending a few days
> working on the problem, to deliver a few new "whitelists" for 'mobile app
> stores & updates' . We are a paid service, however, our whitelists are free.
>
>
> On 10/30/2017 8:46 AM, Kleber Carvalho wrote:
>
>> Hello,
>>
>>
>>    I have a guest network and this moment I need to block all access
>> to Install and Update of APPs Android and Apple, I am using squid +
>> squidguard in my proxy.
>>
>> Any idea about that ?
>>
>>
>>
>> Best Regards.
>>
>>
> --
> Signed,
>
> Benjamin E. Nichols
> 1-405-301-9516
> http://www.squidblacklist.org
>
>



-- 

Kleber da Silva Carvalho
Certified Professional.
CCNA R | CCNA Security | CCNP Security | LPIC-1 | LPIC-2 | LPIC-3 | LPIC-3 303 | Novell CLA 11 | Novell DCTS | ITIL v3 | COBIT 4.1


Re: [pfSense] CARP Interface doese not sync

2017-10-30 Thread maina maish
For CARP to work, pfSense boxes should be on the same version; you will have to
upgrade 2.4.0 to 2.4.1

On Mon, Oct 30, 2017 at 3:33 PM, Daniel  wrote:

> Hi there,
>
> I run 2 pfSense boxes which are connected directly on the Sync interface.
>
> Pf1 Version is 2.4.1 and pf2 Version is 2.4.0
>
> I created now CARP interfaces which are not synced to pf1 automatically. I
> get some XML errors (Syntax Error in XML)
>
> Is there any way to start the Sync process manually to check logs or so?
>
> Cheers
>
> Daniel


Re: [pfSense] Block Install/Update APPs [android / apple].

2017-10-30 Thread Benjamin E. Nichols
This isn't a direct solution to your problem, however, here is a list of 
apple domains that you may find useful if you are building a blacklist.
http://whitelists.squidblacklist.org/apple.domains



I  believe there is significant demand to justify spending a few days 
working on the problem, to deliver a few new "whitelists" for 'mobile 
app stores & updates' . We are a paid service, however, our whitelists 
are free.



On 10/30/2017 8:46 AM, Kleber Carvalho wrote:

> Hello,
>
>    I have a guest network and this moment I need to block all access
> to Install and Update of APPs Android and Apple, I am using squid +
> squidguard in my proxy.
>
> Any idea about that ?
>
> Best Regards.



--
Signed,

Benjamin E. Nichols
1-405-301-9516
http://www.squidblacklist.org


Re: [pfSense] Block Install/Update APPs [android / apple].

2017-10-30 Thread ibrahim uçar
Block the "updatesites" for your guest and then try to update, see if it
works.





--

*İbrahim UÇAR*

Blogger |  https://lifeoverlinux.com 

On Mon, Oct 30, 2017 at 4:46 PM, Kleber Carvalho 
wrote:

> Hello,
>
>
>   I have a guest network and this moment I need to block all access
> to Install and Update of APPs Android and Apple, I am using squid +
> squidguard in my proxy.
>
> Any idea about that ?
>
>
>
> Best Regards.
>
> --
>
> Kleber da Silva Carvalho
> Certified Professional.
> CCNA R | CCNA Security | CCNP Security | LPIC-1 | LPIC-2 | LPIC-3 | LPIC-3 303 | Novell CLA 11 | Novell DCTS | ITIL v3 | COBIT 4.1

[pfSense] Block Install/Update APPs [android / apple].

2017-10-30 Thread Kleber Carvalho
Hello,


  I have a guest network and this moment I need to block all access
to Install and Update of APPs Android and Apple, I am using squid +
squidguard in my proxy.

Any idea about that ?



Best Regards.

-- 

Kleber da Silva Carvalho
Certified Professional.
CCNA R | CCNA Security | CCNP Security | LPIC-1 | LPIC-2 | LPIC-3 | LPIC-3 303 | Novell CLA 11 | Novell DCTS | ITIL v3 | COBIT 4.1


[pfSense] CARP Interface doese not sync

2017-10-30 Thread Daniel
Hi there,

I run 2 pfSense boxes which are connected directly on the Sync interface.

Pf1 Version is 2.4.1 and pf2 Version is 2.4.0

I created now CARP interfaces which are not synced to pf1 automatically. I get 
some XML errors (Syntax Error in XML)

Is there any way to start the Sync process manually to check logs or so?

Cheers

Daniel
