On Thu 11 Dec 2014 01:51:32 NZDT +1300, Vick Khera wrote:
If you're using my DNS zone to generate a block list for my IPs I can
make those names return anything I want and get through anyway.
I use hostnames in rules to permit my home office (which has a dynamic IP)
to administer the
On Tue, Dec 9, 2014 at 5:19 PM, Chris L c...@viptalk.net wrote:
If you’re using my DNS zone to generate a block list for my IPs I can
make those names return anything I want and get through anyway.
I use hostnames in rules to permit my home office (which has a dynamic IP)
to administer the
I found the problem. My ISP changed the WAN gateway to be mostly
non-responsive to pings. But only mostly, so pfsense plays yoyo with it.
Aliases containing FQDN entries are removed from pf tables (pfctl -T
show -t aliasname) at the start of any rule or alias change, related to
the alias with
On 9/12/14 12:24 pm, Volker Kuhlmann wrote:
I found the problem. My ISP changed the WAN gateway to be mostly
non-responsive to pings. But only mostly, so pfsense plays yoyo with it.
Funny you should mention that. I've seen similar on a few of our pfSense
deployments of late, with several
On Wed 10 Dec 2014 01:30:49 NZDT +1300, Chris Bagnall wrote:
Yes I was wondering about (basically useless) rate limiting too.
I used the ISP's web server. Or use one of the top 10 companies' one, or
one of the big CDNs. For single WAN pinging 1/s doesn't quite make sense
to me either so I
On Dec 9, 2014, at 1:13 PM, Volker Kuhlmann list0...@paradise.net.nz wrote:
Is this why gateway monitoring is active by default? I'd have guessed
most pfsense installs to be single WAN. What would gw monitoring be
useful for then? Nothing could be done about the Internet going
offline.
It’s
On Wed 10 Dec 2014 07:39:36 NZDT +1300, Ryan Clough wrote:
I, too, am using aliases which do not retain domain names or IP addresses.
I opened https://redmine.pfsense.org/issues/4087
What happens is that a rule reload, which can be triggered by many
things e.g. interface yoyo (see WAN gw) or
On Dec 9, 2014, at 2:04 PM, Volker Kuhlmann list0...@paradise.net.nz wrote:
On Wed 10 Dec 2014 07:39:36 NZDT +1300, Ryan Clough wrote:
I, too, am using aliases which do not retain domain names or IP addresses.
I opened https://redmine.pfsense.org/issues/4087
What happens is that a rule
I have some aliases containing FQDNs instead of IP addresses (very
useful feature). However they keep on being removed from the pf rules.
For example an alias of type networks contains IP addresses, IP
networks, and domain names. When I check with
pfctl -t aliasname -T show
Only the IP
