Re: [pfSense] Enforcing policy routing gateway
On Fri, Jan 9, 2015 at 11:07 PM, Tim Eggleston tim.li...@eggleston.ca wrote: On 2015-01-09 19:45, Chris Bagnall wrote: Check the setting of System - Advanced - Miscellaneous - Skip rules when gateway is down. Nice! That sounds like exactly what I'm after. Shame it's global and not a per-policy-route or per-gateway setting but I'll take what I can get. Many thanks! ---tim Depending on how complex your rules are, you could also create negative versions of them that explicitly block that traffic on all other interfaces except the VPN. (Aliases could help simplify that, but you may or may not actually want to do it, depending on the rule complexity.) Moshe -- Moshe Katz -- mo...@ymkatz.net -- +1(301)867-3732 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Enforcing policy routing gateway
On 2015-01-11 19:40, Moshe Katz wrote: Depending on how complex your rules are, you could also create negative versions of them that explicitly block that traffic on all other interfaces except the VPN. (Aliases could help simplify that, but you may or may not actually want to do it, depending on the rule complexity.) I'd love an option to reject/drop/whatever traffic destined to unavailable gateways, this is far better than leaking the traffic out the wrong gateway for my purposes. However, at the moment it adds a fairly significant amount of overhead to have to duplicate every rule with a Or else just reject the above... It's functional, but a hassle. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pfSense 2.2RC resolv.conf settings
Hi, I just put pfSense 2.2RC on my filewall and I noticed that the PHP code that generates the resolv.conf file will add the line options edns0 to resolv.conf if the the unbound config has the edns option set. I didn't see any way in the GUI to set this option. I'm I missing something, or has this not been impletemented yet? How/when will this option be available? Walter -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold