Recent Posts

Just for clarity, rules that match the OpenVPN tab do not get reply-to at all so the replies are routed according to the routing table. That usually means they go out the default gateway.

Rules matching the assigned interface tab (which means they weren't matched by the OpenVPN tab or processing would have stopped there) get reply-to on the states.

Glad it's working.
General Questions / Re: url blocking
« Last post by phil.davis on Today at 02:15:30 am »
Thank you for your patience. I found the source you were talking about: it's in the Hangout archive in the video "Advanced OpenVPN Concepts" at 22:07.

What I understood: the incoming traffic first hits the "OpenVPN" tab and then goes through the interface tabs of the corresponding OpenVPN instance. The reply-to will be added by the first rule that matches. If it matches a rule on the "OpenVPN" tab, then it gets a reply-to for the default gateway. If it matches a rule on the corresponding OpenVPN interface tab, then it gets a reply-to for this interface (exactly what we want).

The thing that wasn't clear for me was that EVERY rule will do that, no matter how it is configured. So I checked "Floating rules" and the "OpenVPN" tab, deleted all rules there and created a "pass any to any" rule on every OpenVPN instance interface tab.

Problem solved!  ;)
Hardware / Re: Hardware recommendation for 50 PCs
« Last post by Derelict on Today at 02:08:11 am »
I was asking what the WAN speeds would be. A recommendation will be different for a couple 100Mbit cable modems versus redundant gig-e or something.
This isn't "my method". It should.
That may well be so. But your way, we filter https without the "filter https" checkbox ticked. My eye started twitching at such casuistry.
So it is your method.

General Questions / PFSense Crashes all night at around 04:03
« Last post by admins on Today at 12:54:52 am »
Hi all
My pfSense crashes all night at 4 o'clock in the morning.
I've seen nothing in the crash log; perhaps somebody could see what the problem is:

The file is too large for this post. Crash log:
Password: ~XBZTcg6

pfSense is itself a firewall. A proxy is not only about blocking sites, but first and foremost about security and monitoring. You can list the unwanted sites at the DNS level or in hosts and map them, but that is kindergarten stuff. On the weekend, if everything is quiet, I'll set it up on a test bench and write you instructions with pictures.

If I use SquidGuard, will it work your way?
This isn't "my method". It should.
General Questions / Re: SIP register Problem
« Last post by admins on Today at 12:52:27 am »
Hello all
I've found the problem. It wasn't on the pfSense.
It was DoS prevention on a Zyxel switch.

Messages from the pfSense Team / Re: An update on Meltdown and Spectre
« Last post by guardian on Today at 12:12:09 am »
Any timeline for when a patch may be coming out?
General Questions / Re: Scheduled block of MAC address
« Last post by aagaag on Yesterday at 11:39:45 pm »

Now once your device is always 192.168.1.X, you can set up a firewall rule per a schedule that allows them to only use the internet when you want. You will need to make sure the states are reset when you do this, or any current connections they have open would continue to work until that state expired on its own or they closed the connection.

Can show an example of this if need be...

Many thanks. Yes, an example of how-to, including resetting the states, would be highly appreciated!