On Wed, Nov 23, 2011 at 1:34 PM, Ugo Bellavance u...@lubik.ca wrote:
We're thinking about replacing our CheckPoint Firewall-1 by pfSense. We
are using only those features on Firewall-1 (R65):
Concerns:
3- Backups. Are automated backups (of the config, at least) possible even
w/o a
On Wed, Feb 22, 2012 at 6:03 PM, Karl Fife karlf...@gmail.com wrote:
The file:
/cf/conf/dyndns_wanzoneedit'my.domain.net'.cache
Indeed contains the cached IP address, but the file system is mounted
read-only. I assume this is due to the fact that I am running the
On Wed, Feb 29, 2012 at 6:14 PM, Jason T. Slack-Moehrle
slackmoeh...@gmail.com wrote:
When I plug my laptop into the LAN and try and hit one of the websites I
host I get forwarded the pfsense admin URL but get an error that states:
Potential DNS Rebind attack detected, see
On Wed, Feb 29, 2012 at 7:26 PM, Jason T. Slack-Moehrle
slackmoeh...@gmail.com wrote:
Am I blind in seeing where I would create DNS entries on the pfSense box
to run it as a DNS Server?
On Thu, Mar 15, 2012 at 5:00 AM, Chris Buechler c...@pfsense.org wrote:
On Thu, Mar 15, 2012 at 5:01 AM, Raimund Sacherer r...@logitravel.com
wrote:
I would wish that pfSense integrates a simple REST API for functionality
like that:
Me too. Patches welcome.
I would be interested in
I think you got your answer already about a week ago from Ermal and Chris.
http://lists.pfsense.org/pipermail/list/2012-June/002312.html
http://lists.pfsense.org/pipermail/list/2012-June/002318.html
pfSense has significant customization in the kernel.
If you really need this feature that much
I would like to add a HE IPv6 tunnel to two of my servers without adding a
tunnel for the whole network.
I was looking at adding an option for each 1:1 to forward protocol 41 just
for that public IP. (maybe a checkbox on the 1:1 create/edit page)
Is there any reason this would not work?
If I
Let's start by defining the terms to make sure we are all talking about the
same things:
http://www.ipcop.org/2.0.0/en/install/html/preparation-network-interfaces.html
On Sat, Sep 29, 2012 at 4:36 PM, Johnny mill...@cinci.rr.com wrote:
1 nic is on green
*GREEN - This network only connects to
Short reply since I am on a mobile device: NAT Reflection
On Monday, April 29, 2013, Bryant Zimmerman wrote:
I have several vlans on a pfsense deployment. VLAN 100 has one of our
public DNS servers on it. I have a customer VLAN 2000 that needs to be able
to relay through the DNS server. The
On Wed, Oct 9, 2013 at 5:16 PM, Thinker Rix thinke...@rocketmail.com wrote:
Can this flame be put to an end or continued via private mail?
But: Interpreting your message, I guess you are participating at this
mailing list with a mail reader that just pours all incoming mail into one
folder -
We use Fail2Ban with pfSense with a custom php script (on the firewall)
that adds the appropriate firewall rules.
We have fail2ban set up with multiple levels - so the action to ban in
pfSense only happens after several attempts at other services on one
machine. That way we can assume the ban
Since we keep coming back to FreeBSD as it pertains to security:
3) FreeBSD is very mature, and very well reviewed. I've looked into
FreeBSD to my personal satisfaction. OpenBSD may be abrasive as a
community at times, but their work product is pretty impressive in terms of
being clean and
Probably would not work (or would get whoever did that thrown in jail).
This is similar to a Warrant Canary, but the USDoJ has indicated that
Warrant Canaries would probably be grounds for prosecution of violation of
the non-disclosure order.
- Y
On Friday, October 11, 2013, Adrian Zaugg wrote:
On Fri, Oct 11, 2013 at 1:41 PM, Thinker Rix thinke...@rocketmail.com wrote:
Probably would not work (or would get whoever did that thrown in jail).
This is similar to a Warrant Canary, but the USDoJ has indicated that
Warrant Canaries would probably be grounds for prosecution of violation of
As of about a month ago (
https://github.com/pfsense/pfsense/commit/1cddd59c4ed2341f87cf58d9b67d45c82ffd99d0)
StartTLS is an independent setting and should work no matter what port you
are using.
I do not know whether that code has made it to a release (can log in to
check from where I am now) and
This looks like it was added in
f4dd8b4c6663c172371b7b1317eb911d4e1e5db8
(https://github.com/pfsense/pfsense/commit/f4dd8b4c6663c172371b7b1317eb911d4e1e5db8)
but was not backported from master to 2.1.
- Y
On Sat, Oct 19, 2013 at 3:29 PM, İhsan Doğan ih...@dogan.ch wrote:
Hi,
My FTTH ISP here
I know some Cisco switches have the option to block DHCP replies on ports
not marked as trusted (DHCP Snooping). I have never seen one where I had
access to the configuration and the setting was on, so I am not sure what
to expect, but it might explain why you don't see the reply in a mirror.
- Y
I can get to it with no problem.
http://www.downforeveryoneorjustme.com/http://www.pfsense.org/
I will let someone else chime in on the upgrade question, since I have not
done that type of upgrade, but it has come up on the list.
- Y
On Tue, Nov 5, 2013 at 9:39 AM, Curtis Maurand
This project: https://github.com/FiloSottile/Heartbleed (which I have
contributed to) allows you to check any STARTTLS-based service
(POP/IMAP/SMTP/etc).
I am not sure what would need to be changed for OpenVPN.
- Y
On Fri, Apr 11, 2014 at 9:57 AM, Tim Nelson tnel...@rockbochs.com wrote:
HTTP Host headers are not even seen by the firewall unless some type of
Deep Packet Inspection is running or the firewall is the destination and
runs a proxy to the other servers.
The alias method suggested will not work in this case (as you found)
because pfSense does not check the host headers.
I am also using NRPE (with Icinga). I have Icinga creating the reports
which I include elsewhere. The information you get is limited to what
Icinga or other NRPE client can pull.
- Y
On Tue, Jan 27, 2015 at 12:15 PM, James Records james.reco...@gmail.com
wrote:
Not sure if this is exactly what
If you are forwarding the ports to other machines, it is those machines
which need an update, not pfSense.
This is the test: get out your ssh client of choice and connect to the port
from outside. If you get something that is not pfSense, then upgrading ssh
on your firewall isn't going to help.
I agree with everything my brother said except recommending the Ubiquiti
EdgeSwitch.
We have seen a few instances of the EdgeSwitch locking up without any
apparent reason (once we traced it to a thermal issue, but we couldn't find
a cause for the others).
The EdgeSwitch also only has a 1 year
23 matches