Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

> Am 10.01.2018 um 00:14 schrieb Kyle Marek : > > This contradicts the majority of the purpose of virtualization. Interesting that you bring it up…. I give you Theo de Raadt in late 2007: https://marc.info/?l=openbsd-misc&m=119318909016582

Re: [pfSense] Transparent proxy for WiFi users

> Am 02.01.2018 um 14:46 schrieb Roberto Carna : > > Dear, I've setup a Squid transparent proxy + Squidgard on pfSEnse 2.4 > in order to filter HTTP and HTTPS web content for different types of > WiFi clients on my company: > > - Android (different versions) > - Notebooks Windows 7/10 > - Iphon

Re: [pfSense] Problem with Chrome - HTTP trasnparent proxy with SSL filtering

> Am 03.11.2017 um 14:40 schrieb Richard A. Relph : > > I’ve heard Google will be removing certificate pinning from Chrome soon… > Yeah, for public sites. They’ll still make sure nobody can sign anything *.google.*, have users import a private root certificate and then sniff connections to t

Re: [pfSense] pfSense 2.4 with ZFS, will it solve corrupt systems

> Am 05.08.2017 um 15:07 schrieb Jim Pingle : > > ZFS is self-healing and though we have not been able to reproduce the > corruption issues seen by some with UFS, all evidence points to ZFS not > being susceptible to those problems. It’s really only „self-healing“ if you have two or more disks.

Re: [pfSense] RRD alternatives

> Am 28.02.2017 um 18:06 schrieb Travis Hansen : > > While not entirely the same, I'm working on getting Prometheus node_exporter > available inside pfsense. > https://prometheus.io/ > https://github.com/prometheus/node_exporter > > When prometheus is then combined with grafana dashboards it pr

Re: [pfSense] Unexplained reboots

> Am 24.10.2016 um 22:04 schrieb mayak : > > On 10/24/2016 09:41 PM, Rainer Duffner wrote: >> >> Does the iLO say something? >> ECC errors? >> >> Did you do a Firmware Update? >> >> Spontaneous reboots are often hardware-problems. > Hi

Re: [pfSense] Unexplained reboots

> Am 24.10.2016 um 21:39 schrieb mayak : > > Hi All, > > I have an HP-Dl380G7 with 24G and 2 processors -- ridiculous hardware, gut I > got it for free. It's got 2 power supplies and is sitting in a data center. > > This morning around 11:00 CET, it just rebooted, and has now done it again at

Re: [pfSense] How to determine supported packages without installing

> Am 18.06.2016 um 01:03 schrieb Steve Yates : > > I suspect package compatibility is not maintained on per-pfSense-version > basis. Meaning, packages worked on 2.x up until the package changes on 2.3, > and probably will work on into the future until the next breaking change. > > https://doc

Re: [pfSense] pfSense on vmware ESXi 6.0

> > I plan to throw pfSense into xen. I would like to know the answers to the > questions you are asking anyways heh. https://forum.pfsense.org/index.php?topic=109751.0;topicseen ___

Re: [pfSense] PFSense for high-bandwith environments

> Am 18.02.2016 um 19:13 schrieb Walter Parker : > > There is an optimization coming for pfsense. There is a new user space > routing daemon. netmap I think, that can reach line rate on 10G NICs (14.88 > Mpps). There was a BSDCon that talked about a future version of pfsense > using this system.

Re: [pfSense] Maximum number of established connections per host questions

> Am 02.02.2016 um 22:28 schrieb Ugo Bellavance : > > Hi, > > We are thinking about limiting the amount of connections that can be open per > IP address. We want to avoid getting hammered on a web service that is used > by some clients. We've discovered that they sometimes open just as many h

Re: [pfSense] WHY: SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

> > On investigation, we found the certificate is not the problem as our > certificate is already 2048 bit. > > What else might this be? > > Thanks https://weakdh.org Out of interest, I looked into this. I haven’t exposed my web-interface, so I can’t check with ssllabs

Re: [pfSense] GUI performance on an ALIX 2d3

> Am 13.08.2015 um 23:28 schrieb Erik Anderson : > > Hello all - > > I've been running pfSense on my ALIX 2d3 happily for many years now. > For the most part, it still does its job well. However, with most > recent release, any changes made in the GUI take a *long* time to > commit. By long I me

Re: [pfSense] Is there a way to version-control the configuration?

> Am 01.08.2015 um 20:02 schrieb Tim Eggleston : > > > Yes that is possible, but locally managed. >> I would prefer some SVN or git way. > > Ah, gotcha. For those that have pfsense gold, there is the option to take > advantage of the pfsense-hosted autobackup solution. That said, the > config.

[pfSense] Is there a way to version-control the configuration?

Hi, we have a device from another manufacturer (it’s a WAF). Also configured via a WEB-Gui. In there, you make your changes to the configuration and when you’re satisfied with it, „commit“ the changes to (what looks like) RCS and subsequently activate them. You can also easily roll-back to prev

Re: [pfSense] Got an alert after updating to 2.2.4

> Am 31.07.2015 um 08:38 schrieb Chris Buechler : > > On Thu, Jul 30, 2015 at 5:34 PM, Rainer Duffner > wrote: >> php: rc.bootup: New alert found: pfSense requires at least 128 MB of RAM. >> Expect unusual performance. This platform is not supported. >

[pfSense] Got an alert after updating to 2.2.4

php: rc.bootup: New alert found: pfSense requires at least 128 MB of RAM. Expect unusual performance. This platform is not supported. I have an Alix board: CPU: Geode(TM) Integrated Processor by AMD PCS (431.65-MHz 586-class CPU) Origin = "AuthenticAMD" Id = 0x5a2 Family = 0x5 Model = 0xa

Re: [pfSense] Loading pfSense on Netgate 1U rack mount server c2758

> Am 02.07.2015 um 20:31 schrieb Paul Upson : > > I recently purchased this device and am now trying to load pfSense onto it > using a usb stick. Each time the load fails with the following error. > Mounting from cd9660:/dev/iso9660/PFSENSE fails with error 19. I found a > post that said to add t

Re: [pfSense] pfSense as GUI and stripped OS for dedicated Cacheing name server

> Am 31.03.2015 um 08:49 schrieb Scott Lambert >: > > I remember seeing something years ago about the ability to use pfSense > as an appliance to run a dedicated process. I think the post was > specifically about running a name server. > > My search-fu is not gre

Re: [pfSense] Difference between APU4 and APU1C4

Am 22.07.2014 um 21:29 schrieb Nickolai Leschov : > The difference is not $200, but about $100 with 8GB Sandisk Extreme Secure > [sic!] SDHC card included. > > 1. What's secure about this card? I suppose it's a regular SDHC one. > > 2. I would like to pay less, but I'm worried about assembling

Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

Am 08.04.2014 um 21:04 schrieb Jim Thompson : > > Well, that’s the point, Paul. (You hit the nail on the head.) > > If you don’t have an openssl service exposed, the problem doesn’t affect you. > > Since normally the web GUI isn’t exposed to the WAN, the attack surface is > minimized. > > W

Re: [pfSense] Hardware requirements for gigabit wirespead

Am Fri, 25 Oct 2013 10:08:14 +0200 schrieb Eugen Leitl : > On Thu, Oct 24, 2013 at 07:18:28PM -0500, Jim Thompson wrote: > > > The topic has wandered away from pfSense. > > It is rather interesting though, so please don't kill that > thread just yet. Indeed. I'd like to add that AFAIK, for pu

Re: [pfSense] not all backdoors are NSA backdoors

Am Tue, 15 Oct 2013 12:24:42 +0100 schrieb Vincent Hoffman : > pkgng allows signed binary packages on FreeBSD and poudriere makes > maintaining a repo stupidly simple if that helps. > https://glenbarber.us/2012/06/11/Maintaining-Your-Own-pkgng-Repository.html AFAIK, it's not an X509 certificate,

Re: [pfSense] Blocking HTTPS Attachments only

Am 15.05.2013 um 20:46 schrieb "Mr. Parkis" : > pfsense newbie here - > > Is there a way to block users from sending attachments via webmail (HTTPS) - > I do not want to block access to personal mail accounts. Just the ability for > users to send attachments via. > > so all users can access

Re: [pfSense] Getting started with IPv6

Am 16.04.2012 um 20:36 schrieb Seth Mos: > Hi there, > > Something of a nutshell series here, I'm probably not explaining a lot but > would like to point out a few of the largest handles on this IPv6 thing > people keep complaining talking about. I wish to say that this is an extremely hel

Re: [pfSense] Request for help: Seeking pfSense user with access to 6RD IPv6 WAN

Am Wed, 01 Feb 2012 17:18:41 +0100 schrieb Seth Mos : > Op 1-2-2012 16:41, Chris Bagnall schreef: > > On 1/2/12 2:15 pm, Seth Mos wrote: > >> I am seeking a user(s) that has access to a 6RD IPv6 connection so > >> we can test our development 6RD code. > > > > Out of curiosity (and this is more aim

Re: [pfSense] Preparing a PFsense box to post to remote site

Am Tue, 24 Jan 2012 09:18:18 -0700 schrieb David Burgess : > On Tue, Jan 24, 2012 at 9:11 AM, Gavin Will > wrote: > > > Then when the person at the remote site plugs it in I just need to > > ask them to do a “what is my ip” in google and I can then connect > > up. > > > Or setup a dynamic DNS

[pfSense] VDSL - need a reboot to activate

Hi, I recently changed from ADSL to VDSL (in Switzerland). After some issues with the cabling, I got it to work eventually. Yesterday, I realized that to get it to work, I have to reboot the ALIX that pfSense 2.0 runs on. I plugin the zyxel bridge, wait till it has synchronized with the DSLAM, t

Re: [pfSense] Direct purchase of pfSense book pdf

Am Fri, 30 Sep 2011 14:24:58 +0200 schrieb David Brown : > The thought had occurred to me, but I didn't like to mention it :-) For obvious reasons. I do own the paper version (and only the paper version), just for the record. ;-) And I do know that book-piracy is a big problem especially for bo

Re: [pfSense] Direct purchase of pfSense book pdf

Am Fri, 30 Sep 2011 10:57:03 +0200 schrieb David Brown : > On 30/09/2011 09:50, Chris Buechler wrote: > > On Fri, Sep 30, 2011 at 3:24 AM, David > > Brown wrote: > >> Hi, > >> > >> Is it possible to buy a copy of the pfSense book as a pdf file, > >> with the money going directly to the pfSense pr