Re: [pfSense] Is pfSense the Best Open Source Firewall/IDS/IPS in the World?

2018-05-25 Thread Vick Khera
On Fri, May 25, 2018 at 4:56 AM, Turritopsis Dohrnii Teo En Ming <
tdteoenm...@gmail.com> wrote:

> Questions are:
>
> (1) Is pfSense, coupled with Snort IDS, the best open source
> firewall/IDS/IPS in the world?
>

It is my preferred one, for sure, and I have used it for multiple office
locations and my data center for many years. The word "best", however, has
no real meaning without context. You need to specify your environment and
your requirements to decide which software is the optimal choice.


> (2) Is pfSense on par with commercial firewall appliances, including
> Cisco ASA, Cisco Sourcefire, Fortigate, SonicWall, etc?
>
>
Again, you have to define your requirements. Likely for most small to
medium-sized organizations' basic needs, pfSense will be comparable to the
other commercial offerings.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] memstick-2.4.3-RELEASE-amd64.img debugflags needed for ZFS

2018-05-25 Thread Vick Khera
On Wed, May 23, 2018 at 4:10 PM, Jason Hellenthal 
wrote:

> Sorry for the long subject but has anyone experienced in the ZFS install
> for a mirrored setup of two disks that you need to set
> kern.geom.debugflags=16 to allow shooting yourself in the foot just to get
> the kernel to stop denying you access to the disks ?
>
>
> The UFS install works as intended.
>

You don't want to use GEOM mirror underneath ZFS. You want ZFS to do the
mirror of two individual disks. What exactly is preventing you from adding
the second drive to the zroot pool?


[pfSense] Is this a state of the art DNS Resolver setup?

2018-05-25 Thread Antonio
Hi folks,

I came across this post
https://airvpn.org/topic/27460-opinion-best-solution-against-dns-leak-on-pfsense/
which provides what I think (although I'm no expert here) is an elegant
solution to those that have VPNs set up on pfSense.

The reason being that:

a) it prevents DNS leaks

b) it doesn't forward DNS requests over the VPN tunnel and keeps DNS
requests closed to indiscreet eyes


However, the last post (go558a83nk) on the thread may have a
point about distance to the CDN?

What are your thoughts?


-- 


Respect your privacy and that of others, don't give your data to big 
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging 
or 
Diaspora* (https://joindiaspora.com/) for your social networking.



Re: [pfSense] Diagnosing DNS Resolver SERVFAIL issues

2018-05-25 Thread Steve Yates
Is the pfSense set to forward DNS requests?  Maybe the ISP on the VPN 
side is blocking DNS requests that leave their network to a third-party DNS 
server?  I have seen that before, over the years.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List  On Behalf Of Antonio
Sent: Thursday, May 24, 2018 11:41 PM
To: pfSense Support and Discussion Mailing List 
Subject: [pfSense] Diagnosing DNS Resolver SERVFAIL issues

Hi,

I've been happily using the "Outgoing Network Interfaces" set to my VPN
interface to prevent DNS leaks and it's been working pretty well until
today when all of a sudden it stopped resolving DNS requests. In fact,


[fri may25, 03:04 ][user@1:~]nslookup www.google.com
Server: 192.168.2.1
Address:    192.168.2.1#53

** server can't find www.google.com: SERVFAIL


192.168.2.1 is my pfSense box hooked to DSL modem. As soon as I set
"Outgoing Network Interfaces" to my WAN, then it all works again.
However, this means that although my traffic is carried through VPN, the
DNS Resolver is routing requests via ISP instead of VPN. I don't
understand how all of a sudden the VPN server stopped allowing DNS
requests to be passed from my pfSense machine. Does this seem plausible
and how do you think I can diagnose this? There is no way I can get unbound
to work unless I set "Outgoing Network Interfaces" to WAN. This was not
the case until yesterday.

Any clues?

Thanks

-- 


Respect your privacy and that of others, don't give your data to big 
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging 
or 
Diaspora* (https://joindiaspora.com/) for your social networking.



[pfSense] Is pfSense the Best Open Source Firewall/IDS/IPS in the World?

2018-05-25 Thread Turritopsis Dohrnii Teo En Ming
Good Afternoon Everybody from Sunny Singapore!

I have just deployed pfSense Community Edition version 2.4.2 firewall
on my home desktop computer (Intel Pentium Dual Core E6300 @ 2.8 GHz,
Intel DQ45CB Motherboard and 1 TB SATA Harddisk) not too long ago.

More recently, I have upgraded my home-based pfSense firewall
appliance to Community Edition version 2.4.3.

I have Snort Intrusion Detection System (IDS) installed as well.

Questions are:

(1) Is pfSense, coupled with Snort IDS, the best open source
firewall/IDS/IPS in the world?

(2) Is pfSense on par with commercial firewall appliances, including
Cisco ASA, Cisco Sourcefire, Fortigate, SonicWall, etc?

Please advise.

Thank you.


===BEGIN SIGNATURE===

Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 30 Oct 2017

[1] https://tdtemcerts.wordpress.com/

[2] http://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

===END SIGNATURE===

25 May 2018 Friday 4:56 PM Singapore Time