[pfSense Support] Hardware Configuration
Hi ! I have installed PfSense on two servers DELL. I have on this servers a network card of 4 ports GBE. I have a problem with this card, because FreeBSD or PfSense, I don't know where is the problem can't recognize this ports. So my servers don't have ports. This is my network card configuration :dual embedded broadcom 5709 4 ports GBE I have learnt on a forum, that I have to install a driver bge? But, in FreeBSD it's not really easy to install. So, I just want to know if you have already meet this problem ? And of course, if you have perhaps a solution for me. Kind regards Caroline - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Hardware Configuration
On Mon, Jul 20, 2009 at 4:47 AM, Caroline Stekkecaroline.ste...@univ-rennes1.fr wrote: Hi ! I have installed PfSense on two servers DELL. I have on this servers a network card of 4 ports GBE. I have a problem with this card, because FreeBSD or PfSense, I don't know where is the problem can't recognize this ports. So my servers don't have ports. This is my network card configuration : dual embedded broadcom 5709 4 ports GBE I have learnt on a forum, that I have to install a driver bge? But, in FreeBSD it's not really easy to install. So, I just want to know if you have already meet this problem ? And of course, if you have perhaps a solution for me. If it's a newer card it may only be supported in 1.2.3-RC1 (FreeBSD 7.1), or possibly only in FreeBSD 7.2, which you can find in 1.2.3 snapshots at http://snapshots.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Hardware Configuration
Thank you for you attention But I have installed this version : 1.2.3-RC1 with FreeBSD 7.1 So for you my newer card, just can work with FreeBSD 7.2 ? Chris Buechler a écrit : On Mon, Jul 20, 2009 at 4:47 AM, Caroline Stekkecaroline.ste...@univ-rennes1.fr wrote: Hi ! I have installed PfSense on two servers DELL. I have on this servers a network card of 4 ports GBE. I have a problem with this card, because FreeBSD or PfSense, I don't know where is the problem can't recognize this ports. So my servers don't have ports. This is my network card configuration :dual embedded broadcom 5709 4 ports GBE I have learnt on a forum, that I have to install a driver bge? But, in FreeBSD it's not really easy to install. So, I just want to know if you have already meet this problem ? And of course, if you have perhaps a solution for me. If it's a newer card it may only be supported in 1.2.3-RC1 (FreeBSD 7.1), or possibly only in FreeBSD 7.2, which you can find in 1.2.3 snapshots at http://snapshots.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Hardware Configuration
On Mon, Jul 20, 2009 at 5:09 AM, Caroline Stekkecaroline.ste...@univ-rennes1.fr wrote: Thank you for you attention But I have installed this version : 1.2.3-RC1 with FreeBSD 7.1 So for you my newer card, just can work with FreeBSD 7.2 ? I don't know, but it's possible. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Hardware Configuration
Ok, And did you know what is the procedure to compile the driver bge myself. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Hardware Configuration
On Mon, Jul 20, 2009 at 5:17 AM, Caroline Stekkecaroline.ste...@univ-rennes1.fr wrote: Ok, And did you know what is the procedure to compile the driver bge myself. The bge driver is there already. If the NICs aren't detected, they aren't supported by the bge driver in that particular FreeBSD version. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Hardware Configuration
Caroline Stekke schrieb: Thank you for you attention But I have installed this version : 1.2.3-RC1 with FreeBSD 7.1 So for you my newer card, just can work with FreeBSD 7.2 ? Can you download the FreeBSD 7.2 CD and Live ISO, boot that and check if you see the NICs? There are also later-than-FreeBSD7.2 snapshots in the snapshots directory of most FreeBSD FTP mirrors. And of course, there's FreeBSD8... OK, so on checking, I found that it's not bge, but bce (NetXtreme2): http://www.freebsd.org/cgi/man.cgi?query=bceapropos=0sektion=0manpath=FreeBSD+7.2-RELEASEformat=html and apparently only in FreeBSD7.2 So, it should work with the snapshots, right? Maybe this should go in the FAQ, somehow? (How do I know if my NIC is supported?) Regards, Rainer - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Hardware Configuration
Where is the directory where modules are? And what is the command to see the kernel module loading ? Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Hardware Configuration
we have a Dell R710 which appears to have this chipset, running linux, lspci reports 01:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) 01:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) 02:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) 02:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) it's being used for testing, I could try firing up a pfSense live cdrom if it'd help?. Paul - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Hardware Configuration
Why not ! I have a Dell R610, so if PfSense works and recognize your network card, it will normally not a problem for me ;-) Caroline Paul Mansfield a écrit : we have a Dell R710 which appears to have this chipset, running linux, lspci reports 01:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) 01:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) 02:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) 02:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) it's being used for testing, I could try firing up a pfSense live cdrom if it'd help?. Paul - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Hardware Configuration
Date: Mon, 20 Jul 2009 13:27:37 +0200 From: caroline.ste...@univ-rennes1.fr To: support@pfsense.com Subject: Re: [pfSense Support] Hardware Configuration Why not ! I have a Dell R610, so if PfSense works and recognize your network card, it will normally not a problem for me ;-) Caroline Paul Mansfield a écrit : we have a Dell R710 which appears to have this chipset, running linux, lspci reports 01:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) 01:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) 02:00.0 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) 02:00.1 Ethernet controller: Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet (rev 20) it's being used for testing, I could try firing up a pfSense live cdrom if it'd help?. Paul - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Well. You could try same command (lspci) and show us what it reports... For example... Or try to switch the troll mode off... Cheers, Tebano. _ With Windows Live, you can organize, edit, and share your photos. http://www.microsoft.com/middleeast/windows/windowslive/products/photo-gallery-edit.aspx
Re: [pfSense Support] seperate gui and console password
On Mon, Jul 20, 2009 at 10:29 AM, Nick Smithnick.smit...@gmail.com wrote: Ive read on this list that you cant add another user to pfsense 1.2 and its single user only. but is there a way to seperate the gui password from the root console password? i know that freebsd has a toor account, does pfsense have the same? is it possible to change the password on that account? thanks for any help, id like to keep the console password to something other than the gui password if at all possible. thanks for the help. Sorry but it is not possible currently. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IGMP packet out of WAN
Sorry for the late reply but i have been busy with work. Read below... On Sun, Jul 19, 2009 at 2:29 AM, Evgeny Yurchenkoevgeny.yurche...@frontline.ca wrote: -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: July 18, 2009 3:50 AM To: support@pfsense.com Subject: Re: [pfSense Support] IGMP packet out of WAN On Mon, Jul 13, 2009 at 6:59 PM, Evgeny Yurchenkoevgeny.yurche...@frontline.ca wrote: No, I can not see in logs. But on LAN I have 18:55:24.602839 IP 192.168.1.2 224.0.0.22: igmp v2 report 239.142.1.1 It does not go out of WAN. And when I disable packet filtering it does go out of WAN. You're using the IGMP proxy package on 1.2.x I presume? It's not blocking it if it isn't getting logged (unless you disabled logging on the default rules), but it sounds like it has some sort of impact on the traffic. I spent some time working with that package and never could get it to pass the traffic as it should, though the code it came from in 2.0 did work for me. Haven't had time to go back and look at it further. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Yes, I use 1.2 release. I am sorry for misinforming you. When I disable packet filtering then packet received on LAN goes to WAN which is quite expected behaviour, so it is not packet generated by igmpproxy. My findings are here. I get in debug mode: igmpproxy, Version 0.1 beta2, Build 090427 Copyright 2005 by Johnny Egeland joh...@rlo.org Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check GPL.txt Debu: Searching for config file at '/tmp/igmpproxy.conf' Debu: Config: Quick leave mode enabled. Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface bge0. Debu: Config: IF: Got downstream token. Debu: Config: IF: Got ratelimit token '0'. Debu: Config: IF: Got threshold token '1'. Debu: Config: IF: Got altnet token 224.0.0.0/4. Debu: Config: IF: Altnet: Parsed altnet to 224/4. Debu: IF name : bge0 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 2 Debu: Allowednet ptr : 2820c030 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface bge1. Debu: Config: IF: Got upstream token. Debu: Config: IF: Got ratelimit token '0'. Debu: Config: IF: Got threshold token '1'. Debu: Config: IF: Got altnet token 224.0.0.0/4. Debu: Config: IF: Altnet: Parsed altnet to 224/4. Debu: IF name : bge1 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 1 Debu: Allowednet ptr : 2820c040 Debu: Adding Physical Index value of IF 'bge0' is 1 Debu: buildIfVc: Interface bge0 Addr: 192.168.1.1, Flags: 0x8943, Network: 192.168.1/24 Debu: Adding Physical Index value of IF 'bge1' is 2 Debu: buildIfVc: Interface bge1 Addr: 192.168.7.171, Flags: 0x8843, Network: 192.168.7/24 Debu: Adding Physical Index value of IF 'lo0' is 6 Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0x8049, Network: 127/8 Debu: Found config for bge1 Note: adding VIF, Ix 0 Fl 0x0 IP 0x0101a8c0 bge0, Threshold: 1, Ratelimit: 0 Debu: Network for [bge0] : 192.168.1/24 Note: adding VIF, Ix 1 Fl 0x0 IP 0xab07a8c0 bge1, Threshold: 1, Ratelimit: 0 Debu: Network for [bge1] : 192.168.7/24 Debu: Network for [bge1] : 224/4 Debu: Got 262144 byte buffer size in 0 iterations Debu: Joining all-routers group 224.0.0.2 on vif 192.168.1.1 Note: joinMcGroup: 224.0.0.2 on bge0 Debu: SENT Membership query from 192.168.1.1 to 224.0.0.1 Debu: Sent membership query from 192.168.1.1 to 224.0.0.1. Delay: 10 Debu: Created timeout 1 (#0) - delay 10 secs Debu: (Id:1, Time:10) Debu: Created timeout 2 (#1) - delay 21 secs Debu: (Id:1, Time:10) Debu: (Id:2, Time:21) Debu: Packet from 192.168.1.1: proto: 2 hdrlen: 20 iplen: 8 or 2048 Note: RECV Membership query from 192.168.1.1 to 224.0.0.1 (ip_hl 20, data 8) ^[[5~Debu: About to call timeout 1 (#0) Debu: Aging routes in table. Debu: Current routing table (Age active routes); - Debu: No routes in table... Debu: --- Then I run small program on my laptop connected to LAN and generating IGMP membership reports and indeed igmpproxy sees them: Debu: Packet from 192.168.1.2: proto: 2 hdrlen: 20 iplen: 8 or 2048 Note: RECV V2 member report from 192.168.1.2 to 224.0.0.22 (ip_hl 20, data 8) Debu: Should insert group 239.142.1.1 (from: 192.168.1.2) to route table. Vif Ix : 0 Debu: No existing route for 239.142.1.1. Create new. Debu: No routes in table. Insert at beginning. Info: Inserted route table entry for 239.142.1.1 on VIF #0 Debu: Joining group 239.142.1.1 upstream on IF address 192.168.7.171
RE: [pfSense Support] IGMP packet out of WAN
-Original Message- From: Ermal Luçi [mailto:ermal.l...@gmail.com] Sent: July 20, 2009 2:38 PM To: support@pfsense.com Subject: Re: [pfSense Support] IGMP packet out of WAN Sorry for the late reply but i have been busy with work. Read below... On Sun, Jul 19, 2009 at 2:29 AM, Evgeny Yurchenkoevgeny.yurche...@frontline.ca wrote: -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: July 18, 2009 3:50 AM To: support@pfsense.com Subject: Re: [pfSense Support] IGMP packet out of WAN On Mon, Jul 13, 2009 at 6:59 PM, Evgeny Yurchenkoevgeny.yurche...@frontline.ca wrote: No, I can not see in logs. But on LAN I have 18:55:24.602839 IP 192.168.1.2 224.0.0.22: igmp v2 report 239.142.1.1 It does not go out of WAN. And when I disable packet filtering it does go out of WAN. You're using the IGMP proxy package on 1.2.x I presume? It's not blocking it if it isn't getting logged (unless you disabled logging on the default rules), but it sounds like it has some sort of impact on the traffic. I spent some time working with that package and never could get it to pass the traffic as it should, though the code it came from in 2.0 did work for me. Haven't had time to go back and look at it further. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Yes, I use 1.2 release. I am sorry for misinforming you. When I disable packet filtering then packet received on LAN goes to WAN which is quite expected behaviour, so it is not packet generated by igmpproxy. My findings are here. I get in debug mode: igmpproxy, Version 0.1 beta2, Build 090427 Copyright 2005 by Johnny Egeland joh...@rlo.org Distributed under the GNU GENERAL PUBLIC LICENSE, Version 2 - check GPL.txt Debu: Searching for config file at '/tmp/igmpproxy.conf' Debu: Config: Quick leave mode enabled. Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface bge0. Debu: Config: IF: Got downstream token. Debu: Config: IF: Got ratelimit token '0'. Debu: Config: IF: Got threshold token '1'. Debu: Config: IF: Got altnet token 224.0.0.0/4. Debu: Config: IF: Altnet: Parsed altnet to 224/4. Debu: IF name : bge0 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 2 Debu: Allowednet ptr : 2820c030 Debu: Config: Got a phyint token. Debu: Config: IF: Config for interface bge1. Debu: Config: IF: Got upstream token. Debu: Config: IF: Got ratelimit token '0'. Debu: Config: IF: Got threshold token '1'. Debu: Config: IF: Got altnet token 224.0.0.0/4. Debu: Config: IF: Altnet: Parsed altnet to 224/4. Debu: IF name : bge1 Debu: Next ptr : 0 Debu: Ratelimit : 0 Debu: Threshold : 1 Debu: State : 1 Debu: Allowednet ptr : 2820c040 Debu: Adding Physical Index value of IF 'bge0' is 1 Debu: buildIfVc: Interface bge0 Addr: 192.168.1.1, Flags: 0x8943, Network: 192.168.1/24 Debu: Adding Physical Index value of IF 'bge1' is 2 Debu: buildIfVc: Interface bge1 Addr: 192.168.7.171, Flags: 0x8843, Network: 192.168.7/24 Debu: Adding Physical Index value of IF 'lo0' is 6 Debu: buildIfVc: Interface lo0 Addr: 127.0.0.1, Flags: 0x8049, Network: 127/8 Debu: Found config for bge1 Note: adding VIF, Ix 0 Fl 0x0 IP 0x0101a8c0 bge0, Threshold: 1, Ratelimit: 0 Debu: Network for [bge0] : 192.168.1/24 Note: adding VIF, Ix 1 Fl 0x0 IP 0xab07a8c0 bge1, Threshold: 1, Ratelimit: 0 Debu: Network for [bge1] : 192.168.7/24 Debu: Network for [bge1] : 224/4 Debu: Got 262144 byte buffer size in 0 iterations Debu: Joining all-routers group 224.0.0.2 on vif 192.168.1.1 Note: joinMcGroup: 224.0.0.2 on bge0 Debu: SENT Membership query from 192.168.1.1 to 224.0.0.1 Debu: Sent membership query from 192.168.1.1 to 224.0.0.1. Delay: 10 Debu: Created timeout 1 (#0) - delay 10 secs Debu: (Id:1, Time:10) Debu: Created timeout 2 (#1) - delay 21 secs Debu: (Id:1, Time:10) Debu: (Id:2, Time:21) Debu: Packet from 192.168.1.1: proto: 2 hdrlen: 20 iplen: 8 or 2048 Note: RECV Membership query from 192.168.1.1 to 224.0.0.1 (ip_hl 20, data 8) ^[[5~Debu: About to call timeout 1 (#0) Debu: Aging routes in table. Debu: Current routing table (Age active routes); - Debu: No routes in table... Debu: --- Then I run small program on my laptop connected to LAN and generating IGMP membership reports and indeed igmpproxy sees them: Debu: Packet from 192.168.1.2: proto: 2 hdrlen: 20 iplen: 8 or 2048 Note: RECV V2 member report from 192.168.1.2 to
Re: [pfSense Support] IGMP packet out of WAN
On Mon, Jul 20, 2009 at 9:02 PM, Evgeny Yurchenkoevgeny.yurche...@frontline.ca wrote: [snip] think I'll spend the rest of my life trying to figure out how to install development enviroment on pfSense unless there is a guide somewhere -))) I patched the port so later on a new binary will be available for you to test. Please report back your findings. -- Ermal - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] IGMP packet out of WAN
-Original Message- From: Ermal Luçi [mailto:ermal.l...@gmail.com] Sent: July 20, 2009 6:03 PM To: support@pfsense.com Subject: Re: [pfSense Support] IGMP packet out of WAN On Mon, Jul 20, 2009 at 9:02 PM, Evgeny Yurchenkoevgeny.yurche...@frontline.ca wrote: [snip] think I'll spend the rest of my life trying to figure out how to install development enviroment on pfSense unless there is a guide somewhere -))) I patched the port so later on a new binary will be available for you to test. Please report back your findings. -- Ermal Thank you Ermal, please let me know when I can grab this new binary. Eugene - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Anything like fail2ban for PFSense?
Some of my pfsense boxes get a lot of SSH bruteforces; is there a package like fail2ban out there which could automatically blacklist IPs after x bad logins? Best Regards Nathan Eisenberg Sr. Systems Administrator Atlas Networks, LLC supp...@atlasnetworks.usmailto:supp...@atlasnetworks.us http://support.atlasnetworks.us/portal
Re: [pfSense Support] Anything like fail2ban for PFSense?
2009/7/21 Nathan Eisenberg nat...@atlasnetworks.us: Some of my pfsense boxes get a lot of SSH bruteforces; is there a package like fail2ban out there which could automatically blacklist IPs after x bad logins? Best Regards Nathan Eisenberg Sr. Systems Administrator Atlas Networks, LLC supp...@atlasnetworks.us http://support.atlasnetworks.us/portal Hello Nathan, a simple solution w/o an extra pakage is a) change the ssh-port to something other like 666 b) limit the connection-rate to a preferred useful value in the filter-rules c) both a) and b) regards michael -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Anything like fail2ban for PFSense?
2009/7/21 Michael Schuh michael.sc...@gmail.com: 2009/7/21 Nathan Eisenberg nat...@atlasnetworks.us: Some of my pfsense boxes get a lot of SSH bruteforces; is there a package like fail2ban out there which could automatically blacklist IPs after x bad logins? Best Regards Nathan Eisenberg Sr. Systems Administrator Atlas Networks, LLC supp...@atlasnetworks.us http://support.atlasnetworks.us/portal Hello Nathan, a simple solution w/o an extra pakage is a) change the ssh-port to something other like 666 b) limit the connection-rate to a preferred useful value in the filter-rules c) both a) and b) forgotten, sorry d) the pf-filter supports your wished blacklist-feature, but i'm not shure if pfsense also supports this functionality? regards michael -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org