[pfSense] Running as a VM, multiple WAN subnets

2015-02-27 Thread Steve Yates
? Would any common rules (say, blocking pings) need to be duplicated for each or could they apply to both? Thanks, Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-02-27 Thread Steve Yates
e the additional subnet to your existing > WAN IP. Then you don't need to do anything with CARP/HA except make sure > primary and secondary are both set up to deal with the routed traffic. But (per the above) we would have two WAN IPs? -- Steve Yates ITS, Inc.

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-02-27 Thread Steve Yates
reply to you... -- Steve Yates ITS, Inc.

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-02-27 Thread Steve Yates
Steve Yates wrote on Fri, Feb 27 2015 at 12:29 pm: > Two WAN IP, two LAN IP, and two more for sync. And reading this, I didn't write what I meant, so to just correct it all, 3 WAN, 3 LAN, and 2 for sync. -- Steve Yates

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-02-27 Thread Steve Yates
ould that require three "LAN side" public IPs for the two firewalls out of that second subnet also? -- Steve Yates ITS, Inc.

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-01 Thread Steve Yates
Chris L wrote on Fri, Feb 27 2015 at 3:34 pm: >> On Feb 27, 2015, at 12:37 PM, Steve Yates wrote: >> >> Chris L wrote on Fri, Feb 27 2015 at 12:10 pm: >> >>> Hopefully the provider can just route the additional subnet to your >>> existing WAN IP. Then

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-02 Thread Steve Yates
Steve Yates wrote on Mon, Mar 2 2015 at 1:05 am: > the scenario is: no NAT, multiple public IPs in use on the "LAN" side > from two different subnets, and pfSense acting as a firewall. I received an email directly...to perhaps shorten my example, if we have two public

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-02 Thread Steve Yates
Steve Yates wrote on Mon, Mar 2 2015 at 9:09 am: > I received an email directly...to perhaps shorten my example, if we > have two public subnets 1.1.1.0/28 and 2.2.2.0/28, I would like to use both of > those subnets on different servers, use pfSense as the firewall, and use CARP.

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-02 Thread Steve Yates
> Using CARP implies that you care about reliability during edge cases and > partial failures. If so, then you need to do it right and use 3 IPs where > you want 1 carp. I hear you. I guess part of me just dislikes the possibility of "wasting" 12 or 18 IPs (6 per subnet) a few years down the

Re: [pfSense] Pretend to be google's DNS

2015-03-05 Thread Steve Yates
php?title=Redirecting_all_DNS_Requests_to_pfSense&redirect=no Or possibly add the entries manually on the DNS Resolver page, Host Overrides or Domain Overrides sections. -- Steve Yates ITS, Inc.

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-06 Thread Steve Yates
o looking at using one of the unused IPs from the /29 to provide NAT to a separate network on private IPs. -- Thanks all, Steve Yates ITS, Inc.

[pfSense] CARP authentication requires user "admin"?

2015-03-18 Thread Steve Yates
"admin"? Or is the error message hard coded to display "admin"? This is with v2.2.1. -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] CARP authentication requires user "admin"?

2015-03-18 Thread Steve Yates
Steve Yates wrote on Wed, Mar 18 2015 at 4:49 pm: > If enable the HA sync setting for "Synchronize Config to IP" with the > backup node's IP, and Remote System Username and Password for the backup, > I get errors on the master like: > > [ An authentication fa

Re: [pfSense] CARP authentication requires user "admin"?

2015-03-18 Thread Steve Yates
Steve Yates wrote on Wed, Mar 18 2015 at 4:49 pm: > Is it hard coded to use "admin"? Never mind, I reread the docs again. "Enter admin for the Remote System Username (other usernames will not work"

[pfSense] ARP for CARP

2015-03-18 Thread Steve Yates
? It detects an ARP entry for 64.79.96.149 just fine. It also doesn't have an ARP entry for 64.79.96.148 which is the WAN IP of the second router. -- Steve Yates ITS, Inc.

Re: [pfSense] ARP for CARP

2015-03-19 Thread Steve Yates
Steve Yates wrote on Wed, Mar 18 2015 at 7:02 pm: > and pinging .150 yields "Destination host unreachable" since it doesn't think > it > has anywhere to send the routed traffic. I noticed our office router does not > detect an ARP entry for the CARP IP.

Re: [pfSense] Open VPN configure ( Urgent)

2015-03-22 Thread Steve Yates
9.8.0/24. Add firewall rules to the OpenVPN interface on pfSense. -- Steve Yates ITS, Inc.

Re: [pfSense] newbie question

2015-03-23 Thread Steve Yates
will go to server1 and not get to pfSense. Or, if server1 connects to the Internet directly, and pfSense connects to the Internet separately (so they are in parallel), and you have two WAN IP addresses, that will work. -- Steve Yates ITS, Inc.

[pfSense] CARP failover works but it only fails back the LAN

2015-03-23 Thread Steve Yates
says "By default all carp(4) interfaces are added to the carp group." However if I run "ifconfig -v" on pfSense no groups are listed for em0 and em1, only lo0, enc0, and ovpns1. I created a pfSense interface group "carpgroup" for

Re: [pfSense] CARP failover works but it only fails back the LAN

2015-03-23 Thread Steve Yates
0 to 101). -- Steve Yates ITS, Inc.

Re: [pfSense] CARP failover works but it only fails back the LAN

2015-03-23 Thread Steve Yates
clicking around a lot, but it seems to be repeatable. -- Steve Steve Yates wrote on Mon, Mar 23 2015 at 2:50 pm: > Just ran into an odd scenario in my testbed...if pfSense (router1) is in a VM > (Parallels Cloud/Virtuozzo), and I run "service network restart" on the host > for

[pfSense] CARP sync of skew results in blank Status on backup router, breaking failover

2015-03-24 Thread Steve Yates
's CARP alias is in that state, setting the skew on router1 back to 0 does not sync over to router2; its skew stays at 101. It's as if the link is broken. -- Steve Yates ITS, Inc. ED Fochler wrote on Tue, Mar 24 2015 at 9:55 am: > Steve, > I have explicit multicast, network

Re: [pfSense] CARP sync of skew results in blank Status on backup router, breaking failover

2015-03-25 Thread Steve Yates
o reiterate the fix, open the CARP IP on router2, change nothing and click Save) -- Steve Yates ITS, Inc.

Re: [pfSense] CARP sync of skew results in blank Status on backup router, breaking failover

2015-03-25 Thread Steve Yates
Steve Yates wrote on Wed, Mar 25 2015 at 1:22 pm: > In my other thread, diagnosing why failback only moved back the WAN > IPs, if the physical host had its network restarted underneath my router VM. Sorry, had that backwards FWIW; it only moved back the LAN. Again, not a

Re: [pfSense] pfSense 2.2.1 HA setup does not sync states

2015-03-27 Thread Steve Yates
e syncing just fine for me. Is your firewall log set to show packets logged by the default block rule? -- Steve Yates ITS, Inc.

Re: [pfSense] pfSense as GUI and stripped OS for dedicated Cacheing name server

2015-03-31 Thread Steve Yates
gs off in pfSense would far outweigh any benefit. It seems to me that if DNS resolving is enabled, all pfSense might need is a LAN interface/IP and a gateway. -- Steve Yates ITS, Inc.

[pfSense] Invalid IP range allowed in firewall alias, breaks ruleset

2015-04-20 Thread Steve Yates
entry format and make it a tad more idiot-proof. :) -- Steve Yates ITS, Inc.

Re: [pfSense] from LAN to OPT1, pfsense forces all http connections to https

2015-04-20 Thread Steve Yates
edirects...try deleting its cache? -- Steve Yates ITS, Inc.

Re: [pfSense] [Bulk] Invalid IP range allowed in firewall alias, breaks ruleset

2015-04-20 Thread Steve Yates
ill not pass traffic for any other listed IPs in this alias" or similar? Reading what I just wrote, what happens if a valid hostname ever can't be resolved in the future? The rule stops working then also? -- Steve Yates ITS, Inc. PiBa wrote on Mon, Apr 20 2015 at 12:27 p

Re: [pfSense] [Bulk] Re: [Bulk] Invalid IP range allowed in firewall alias, breaks ruleset

2015-04-20 Thread Steve Yates
il the "hostname"/IP block was fixed. -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Pfsense + Cloudflare

2015-04-30 Thread Steve Yates
he firewall/packet level. At that point (theoretically) I suppose CloudFlare would have to have functionality to act as a firewall? And pfSense configured to only allow traffic from it. -- Steve Yates ITS, Inc.

[pfSense] Requiring TLS 1.1 for OpenVPN

2015-04-30 Thread Steve Yates
PCI scanning is now failing TLS 1.0 connections. Is it as simple as adding "tls-version-min 1.1" (or 1.2) to the OpenVPN: Server/Advanced configuration/Advanced text box? -- Steve Yates ITS, Inc.

Re: [pfSense] IKEv2 agile VPN from Win7/Win8 to pfSense 2.2.2

2015-06-17 Thread Steve Yates
't match the hostname if the hostname doesn't have the * in it... OpenVPN requires a self-signed cert. -- Steve Yates ITS, Inc.

Re: [pfSense] IKEv2 agile VPN from Win7/Win8 to pfSense 2.2.2

2015-06-17 Thread Steve Yates
Ermal Luçi wrote on Wed, Jun 17 2015 at 10:22 am: > On Wed, Jun 17, 2015 at 4:40 PM, Steve Yates wrote: >> OpenVPN requires a self-signed cert. >> > > Can you report the issue with OpenVPN on self-signed cert? It's been a few months but if I recall co

Re: [pfSense] Gateway failures, how to access everything behind it still so that I can debug?

2015-06-18 Thread Steve Yates
IPs (same), and they recommend a separate interface on each for syncing. If you're asking how to get to the servers, we plug a patch cable into the switch in our rack... -- Steve Yates ITS, Inc.

Re: [pfSense] Notification about soon-to-expire certificates

2015-06-19 Thread Steve Yates
a recurring appointment in Outlook? -- Steve Yates ITS, Inc.

Re: [pfSense] Gateway failures, how to access everything behind it still so that I can debug?

2015-06-19 Thread Steve Yates
ome data centers allow access to turn on/off power plugs on demand. Or a tech can plug something in. -- Steve Yates ITS, Inc.

[pfSense] Security packages, intrusion prevention

2015-06-25 Thread Steve Yates
We're considering using something like pfSense for more active perimeter security for clients, in front of web servers, etc. Do you generally add packages into pfSense for that? If so, which ones? Or do you use something separate in-line, like say Untangle? -- Steve Yates ITS

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-25 Thread Steve Yates
LAN IP and that would be the gateway on your computers. So .18-.22 would be usable on your "LAN" side. -- Steve Yates ITS, Inc.

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-25 Thread Steve Yates
nd a convoluted setup of going out NIC 2 back into NIC 3, with NIC 4 the private IP network. Seems error-prone, though. -- Steve Yates ITS, Inc.

Re: [pfSense] Security packages, intrusion prevention

2015-06-26 Thread Steve Yates
aren't running web servers in house, and the antivirus we prefer includes IDS. -- Steve Yates ITS, Inc. Travis Hansen wrote on Thu, Jun 25 2015 at 7:01 pm: > Are you after snort and/or suricata? Probably others available as > well.. Travis Hansen travisghan...@yahoo.com > >

Re: [pfSense] FTP issues on 1:1

2015-07-07 Thread Steve Yates
e to connect via the WAN IP also. -- Steve Yates ITS, Inc.

Re: [pfSense] FTP issues on 1:1

2015-07-07 Thread Steve Yates
on your WAN? -- Steve Yates ITS, Inc.

Re: [pfSense] FTP issues on 1:1

2015-07-09 Thread Steve Yates
Ryan Coleman wrote on Thu, Jul 9 2015 at 5:24 pm: > I switched it to port 21 and it’s still not working externally, either. Not sure if you said what FTP client you're using. FileZilla has some debug logging modes that might help narrow down the issue. -- Steve Yates

[pfSense] Suricata alert suppression

2015-07-13 Thread Steve Yates
e WAN interface. However, IPs from within that /24 still show in the Alerts tab? -- Steve Yates ITS, Inc.

Re: [pfSense] Primer for AP/bridge setup? (based on Re: Access Point Recommendations?)

2015-07-24 Thread Steve Yates
devices can be access points, wireless clients, or bridges, but not more than one. I would expect if you connect the printer to the LAN, then anyone using the printer would need to connect to the LAN's AP instead of directly to the printer. -- S

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-24 Thread Steve Yates
't have TLS 1.1+ enabled by default. -- Steve Yates ITS, Inc.

Re: [pfSense] Primer for AP/bridge setup? (based on Re: Access Point Recommendations?)

2015-07-24 Thread Steve Yates
e routing so it could have firewall rules set up. -- Steve Yates ITS, Inc.

Re: [pfSense] CARP development testing within our network -- broadcast storm?

2015-07-27 Thread Steve Yates
d server to the WAN side of pfSense, so they would not be using pfSense at all. You can't connect the networks through pfSense and around it at the same time... -- Steve Yates ITS, Inc. Justin Edmands wrote on Mon, Jul 27 2015 at 3:53 pm: > I have setup a dual gateway setup I have c

Re: [pfSense] CARP development testing within our network -- broadcast storm?

2015-07-27 Thread Steve Yates
point, with the "LAN" computers behind it. -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] bsd/pfsense equivalent to fail2ban

2015-07-27 Thread Steve Yates
I think you're looking for Snort or Suricata. Presumably someone would have detections for asterisk by now? -- Steve Yates ITS, Inc. mayak wrote on Sat, Jul 25 2015 at 7:31 am: > hi all, > > i have a number of asterisk instances behind pfsense -- 5060 is open to the

Re: [pfSense] Suricata alert suppression

2015-07-29 Thread Steve Yates
Still not sure why it wasn't honoring the Suppress instruction. -- Steve Yates ITS, Inc. Steve Yates wrote on Mon, Jul 13 2015 at 3:16 pm: > I got Suricata installed and operating. I found, oddly, that the > highest > volume of packet errors alerted was to/from Symantec I

Re: [pfSense] Strange timezone behavior and then full stop

2015-08-26 Thread Steve Yates
load. Recent PHP versions (5.3+?) require the time zone to be set in php.ini or other PHP-read .ini files. It's just a warning so isn't an indicator of a problem in and of itself. -- Steve Yates ITS, Inc.

Re: [pfSense] pfSense + AD not resolving DNS

2015-10-01 Thread Steve Yates
> 2.- The WAN network don't work. No access to Internet using or not, > DNS service in pfSense box. ping, traceroute, dig directly from > pfSense box not work. If you can't ping/traceroute by IP address, it's not a DNS issue.

[pfSense] 2.2.5 upgrade - failed to open openvpn-client-export-2.3.6.tgz

2015-11-09 Thread Steve Yates
error? 2) System/Packages shows v1.2.20 installed. Looking at its changelog page, it looks like 2.3.6 is the OpenVPN version? -- Steve Yates ITS, Inc.

Re: [pfSense] Help with provider assigning multiple IP addresses over PPPoE

2015-11-15 Thread Steve Yates
> I don't have any trouble adding NAT > rules that forward the .217 through to my internal network.  If that works, it sounds like .217 is your IP, and not your gateway as they documented. What is the gateway on your WAN connection? -- Steve Yat

Re: [pfSense] Unbound DNS Resolver doesn't listen on IP aliases even when selected in settings

2015-11-17 Thread Steve Yates
ARP shared LAN IP, it listens on that alias. Did you check your firewall log/rules? -- Steve Yates ITS, Inc.

[pfSense] Multiple SSIDs

2015-11-24 Thread Steve Yates
to keep isolated. Can we set up a second SSID that would connect to that room's network? Or should we just get an access point for that room? -- Steve Yates ITS, Inc.

Re: [pfSense] Multiple SSIDs

2015-11-24 Thread Steve Yates
Steve Yates wrote on Tue, Nov 24 2015 at 9:28 am: > We haven't used wireless with pfSense yet. The manuals for the > hardware models don't seem to mention how to set up the optional > wireless. The doc site suggests not using wireless in pfSense? > (https://doc

Re: [pfSense] Shutdown Interface?

2015-12-09 Thread Steve Yates
on firewall rules which the OP specifically asked about and I'll admit I didn't realize pfSense had. I couldn't find a "part 2" though...? >> A quick Googling came up with this: >> >> http://www.wedebugyou.com/2012/11/how-to-prev

Re: [pfSense] Lost limiter config after upgrade

2015-12-16 Thread Steve Yates
fixed. Until then, 2.1.5 rules the > roost. Per that bug report (https://redmine.pfsense.org/issues/4326), it sounds like it's only an issue if NAT is being used, correct? They work if NAT is not in use? -- Steve Yates ITS, Inc.

Re: [pfSense] CARP / XMLRPC sync problem

2015-12-19 Thread Steve Yates
authentication error. If not, double check you have a firewall rule allowing sync traffic between the two? We have rules on that interface allowing IPv4 PFSYNC, IPv4 CARP, and for good measure IPv4 *, from and to our "PFSYNC net" interface. -- Steve Yates ITS, Inc.

Re: [pfSense] Slow speed on 100Base TX full duplex.

2016-01-11 Thread Steve Yates
Ethernet port speed is still going to be 100 because the only choices are 10, 100, 1000, or 10 Gbit. Likewise, if the colo has a lot of traffic, he may not get a 100 Mbps download speed when testing. -- Steve Yates ITS, Inc.

Re: [pfSense] Lost limiter config after upgrade

2016-01-11 Thread Steve Yates
Steve Yates wrote on Tue, Dec 15 2015 at 5:04 pm: > Per that bug report (https://redmine.pfsense.org/issues/4326), it > sounds like it's only an issue > if NAT is being used, correct? They work if NAT is not in use? To follow up I set up a limiter on our data cent

[pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-11 Thread Steve Yates
small JavaScript tip: define a function for document.getElementById like so and it will save a lot of repeated text on a page that big: function x() { return document.getElementById(arguments[0]); } -- Steve Yates ITS, Inc.

Re: [pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-15 Thread Steve Yates
Steve Yates wrote on Tue, Jan 12 2016 at 1:25 am: > 6) I started on pfSense 2.2.5 and upgraded both routers to 2.2.6 since it > said it > fixed some sync issues. On at least two occasions, with 2.2.6, I start > getting > "unread notice" alerts for sync errors, and can

Re: [pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-15 Thread Steve Yates
ing/Starting all packages. ...maybe "restarting packages" is interfering with the Suricata sync? Or possibly the default Suricata sync timeout of 150 seconds needs to be a *lot* higher? -- Steve Yates ITS, Inc.

Re: [pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-17 Thread Steve Yates
first. Usually I don't hurry to upgrade without a reason but I've never had a problem upgrading 2.x versions. That said I read the changelog-in-progress for 2.3 and it looks like a big overhaul. -- Steve Yates ITS, Inc.

Re: [pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-18 Thread Steve Yates
nd it didn't help my issue... Steve Yates

Re: [pfSense] pfblockerng

2016-01-23 Thread Steve Yates
Also note the list is available at https://www.dshield.org/block.txt and https://secure.dshield.org/block.txt either of which are probably better to use/list since they use HTTPS. -- Steve Yates ITS, Inc.

Re: [pfSense] FTP trouble.

2016-02-11 Thread Steve Yates
e ruleset" and see if that shows the block in your firewall log. And just to over clarify, it is the FTP server that tells the client what port to use, so you can't control that unless you control the FTP server. -- Steve Yates ITS, Inc. _

Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-12 Thread Steve Yates
ons work? -- Steve Yates ITS, Inc.

Re: [pfSense] Sync problem betweens 2 nodes

2016-04-01 Thread Steve Yates
se is hardcoded to use "admin"...but it sounds like you get a successful sync so that can't be it. Now I only have issues with the Suricata package sync occasionally causing the web GUI (I think PHP-FPM really, which prevents the GUI from working) on the slave to stop responding. --

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Steve Yates
ge compatibility list for 2.3.x? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of mayak Sent: Wednesday, April 13, 2016 5:17 AM To: pfSense support and discussion Subject: [pfSense] 2.3 show stopper - bind package missing -- d

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Steve Yates
s are not available. See Package Port List for a list of packages currently available on 2.3." https://doc.pfsense.org/index.php/Package_Port_List -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jeff H Sent: Wednesday, Apri

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Steve Yates
st Subject: Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind! On Wed, Apr 13, 2016 at 1:48 PM, Steve Yates wrote: > The release notes don't mention specific package compatibility Yes it does. "Packages The list of available packages in

Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread Steve Yates
all states and such but unless you're expecting a super high number of connections I would probably just turn it on and check the settings periodically. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia Sent:

Re: [pfSense] Ambiguous gateway monitoring

2016-04-15 Thread Steve Yates
Are either of you on 2.3? https://doc.pfsense.org/index.php/2.3_New_Features_and_Changes#Gateways.2FRouting " Replaced apinger with dpinger(!). #5624 This fixes many gateway monitoring related issues..." -- Steve Yates ITS, Inc. -Original Message- From: List [mailto

Re: [pfSense] IPV6 WAN/LAN routing

2016-04-20 Thread Steve Yates
To rule out any missing firewall rules, on Status: System logs: Settings, check "Log packets matched from the default block rules put in the ruleset" and see if it starts logging your pings from the LAN. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto

Re: [pfSense] XMLRPC sync - user/password limitations? And a possible bug regarding 'admin' user

2016-04-24 Thread Steve Yates
I posted about that when I discovered it a year ago. It seems silly to have a field that is ignored and something else used instead. Is that still in 2.3 that way? It seems like it would be easy to change that from a field to the word "admin." -- Steve Yates ITS, Inc. ---

Re: [pfSense] HA and OpenVPN

2016-04-25 Thread Steve Yates
I missed that also, way back when, thanks. We had been connecting to either router1 or router2's WAN IP. If router2 is not the CARP master, you can connect to it, but it will try to send the response back out through router1 so one can't get bi-directional communication. -- Steve

Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

2016-05-04 Thread Steve Yates
CARP is not permitted on their equipment" Is that even possible? How would they prevent that other than tying the IP address to a MAC address? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia Sent: Wednesday, May

Re: [pfSense] Routing Issue

2016-05-10 Thread Steve Yates
FSYNC, and 192.168.199.0/24 for OpenVPN. 192.168.199.0/24 is just used to route packets from the remote PC to behind the router. You wrote "/130" for the CARP WAN alias...I'm assuming that's a typo and should be "/29" like the others. -- Steve Yates ITS, Inc. -Origi

Re: [pfSense] Routing Issue

2016-05-10 Thread Steve Yates
You should not have to route anything manually. Your data center or ISP routes the /25 to 212.168.31.130. In essence, packets are sent there for you. PfSense then "knows" the LAN side is the /25 and sends them to the LAN. -- Steve Yates ITS, Inc. -Original Message-

Re: [pfSense] 2.2.6 HA to 2.3 Upgrade Advice

2016-05-10 Thread Steve Yates
https://doc.pfsense.org/index.php/Upgrade_Guide#Upgrading_High_Availability_Deployments "Generally the recommended path for upgrading a High Availability cluster is to first upgrade the secondary node." -- Steve Yates ITS, Inc. -Original Message- From: List [mailto

[pfSense] Limiters on LAN, WAN

2016-05-12 Thread Steve Yates
asion to use a limiter on a LAN upload. I did see the known issue that limiters don't currently work on NATted interfaces so don't have them set up on the WAN side. Thanks, Steve Yates ITS, Inc.

Re: [pfSense] Limiters on LAN, WAN

2016-05-12 Thread Steve Yates
I have the limiters configured as you show. But are you saying you would normally set your limiter on rules on both the LAN and WAN? Basically, I should set it on LAN for now and when the bug is fixed set it on WAN also? -- Steve Yates ITS, Inc. -Original Message- From: List

Re: [pfSense] Limiters on LAN, WAN

2016-05-12 Thread Steve Yates
efore limit the connection if a tenant was, let's say, hosting a web server and a remote user uploaded a file into the building. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WebDawg Sent: Thursday, May 12, 2016 1:17 PM To:

Re: [pfSense] Limiters on LAN, WAN

2016-05-12 Thread Steve Yates
No we're actually using NAT and private IPs inside the building. We use 1:1 NAT if a tenant needs a public IP. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WebDawg Sent: Thursday, May 12, 2016 2:38 PM To: pfSense Su

Re: [pfSense] firewall rules with fqdn-alias

2016-05-17 Thread Steve Yates
Are you using dots in your FQDNs? Those aren't valid alias names... 'The name of the alias may only consist of the characters "a-z, A-Z, 0-9 and _".' -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of M

Re: [pfSense] firewall rules with fqdn-alias

2016-05-18 Thread Steve Yates
Is there a length limit for alias names? If it's an invalid alias I would think one of the logs should show something when the firewall rules are applied...I recall seeing errors in there before... -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list

Re: [pfSense] Soeckris Net5501 SSD

2016-05-18 Thread Steve Yates
Ds if you open the PDFs on their site. They do list compressed read and write speeds for some drives so be careful what table you're reading. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Karl Fife Sent: Wednesday, May

[pfSense] IPv6 with Comcast and two pfSense - invalid prefix length, XID mismatch

2016-05-18 Thread Steve Yates
." My second question was going to be about getting IPv6 to the PCs inside the tenant router but unless I'm mistaken I need a couple more /64 networks for that (what a waste of IPs...I know there's a lot but still...). Thanks, Steve Yates ITS, Inc. ___

Re: [pfSense] IPv6 with Comcast and two pfSense - invalid prefix length, XID mismatch

2016-05-19 Thread Steve Yates
LAN IPv6 Prefixs Delegations2601:249::::/64 ...with the LAN IP range. (yes, it is spelled "prefixs") -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Moshe Katz Sent: Wednesday, May 18, 2016 10:10 PM To: pfSens

Re: [pfSense] IPv6 with Comcast and two pfSense - invalid prefix length, XID mismatch

2016-05-19 Thread Steve Yates
Is there a way to force pfSense to do NAT for IPv6? If so then we could make it work. I understand that's not the point of IPv6 but... -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Moshe Katz Sent: Thursday, May 19, 2

Re: [pfSense] Limiter on WAN based on time?

2016-05-24 Thread Steve Yates
The schedules are created under Firewall/Schedules and then can be applied to a limiter. On a limiter you'd need at least two Bandwidth entries, one for each schedule (day/night). -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On B

Re: [pfSense] Limiter on WAN based on time?

2016-05-25 Thread Steve Yates
Rereading what I wrote I'm not sure I was correct to say two Bandwidth entries are needed. I was looking at our example which has rates for our specific purpose but unlimited may not need a schedule at all. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list

Re: [pfSense] IPSec nat issue

2016-05-26 Thread Steve Yates
Jumping in midway through, 193.168.1.0/24 belongs to Universite du Luxembourg. If that's not you then the other end could be routing packets there. -- Steve Yates ITS, Inc. -Original Message- > On Wed, May 25, 2016 at 8:54 PM, Lyle wrote: > >> The other end has a

Re: [pfSense] Snort or Suricata

2016-06-13 Thread Steve Yates
hen I looked a while back it seemed like Snort and Suricata were similar but Snort was single thread and Suricata could multi-thread. https://github.com/Snorby/snorby/wiki/Snort-vs-Suricata-vs-Sagan http://wiki.aanval.com/wiki/Snort_vs_Suricata -- Steve Yates ITS, Inc. -Original Message-

Re: [pfSense] Snort or Suricata

2016-06-13 Thread Steve Yates
s were enabled again, and we haven't had the problem lately. My guess is the more individual rules that one disables, the longer it takes to sync, and the larger sync info is. Then at some point something crashed and reset the rules to not have any disabled, after which the sync is smal
