Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

2018-01-09 Thread Weijers 
On Wed, Jan 3, 2018 at 2:32 PM, Walter Parker  wrote:

> On Wed, Jan 3, 2018 at 2:25 PM, Steve Yates  wrote:
>
> > I'm not a developer but I would think it's dependent on FreeBSD releasing
> > the update, plus testing by pfSense/Netgate.  However, I would think
> > there's not much concern with PCs running pfSense, since raw code would
> not
> > normally be running on the pfSense box...?
>

Agreed, if someone manages to run malicious code on your pfSense box you
have bigger problems.

HOWEVER: running pfSense as a virtual machine may not be the best idea if
you do not have full control over the other VMs running on the same
hardware.


-- 
--
Gé
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Is this list still active?

2017-01-24 Thread Weijers 
Google's spam filter is complaining about a DMARC failure.


On Tue, Jan 24, 2017 at 2:33 PM, Gé Weijers <g...@weijers.org> wrote:

> Gmail seems to mark most messages from this list as spam. I have a rule
> that prevents gmail from moving messages to the spam folder, otherwise I
> would have seen the same thing.
>
> On Tue, Jan 24, 2017 at 1:15 PM, Sherwood McGowan <
> sherwood.mcgo...@gmail.com> wrote:
>
>> Hey, nice last name! I've got the same as a first!
>>
>> Yes, the list is still active, just not all the time.
>>
>> ⁣Sherwood McGowan
>> VOIP Engineer &  Consultant
>>
>> This email was sent via a mobile device. Please pardon misspellings,
>> strange syntax, and other possible issues arising from using a mobile
>> device. ​
>>
>> On Jan 24, 2017, 11:40 AM, at 11:40 AM, Steven Sherwood <stev...@coc.ca>
>> wrote:
>> >Just sending this out as a test message as I've stopped receiving the
>> >list as of December 8...
>> >___
>> >pfSense mailing list
>> >https://lists.pfsense.org/mailman/listinfo/list
>> >Support the project with Gold! https://pfsense.org/gold
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
>>
>
>
>
> --
> --
> Gé
>



-- 
--
Gé
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Is this list still active?

2017-01-24 Thread Weijers 
Gmail seems to mark most messages from this list as spam. I have a rule
that prevents gmail from moving messages to the spam folder, otherwise I
would have seen the same thing.

On Tue, Jan 24, 2017 at 1:15 PM, Sherwood McGowan <
sherwood.mcgo...@gmail.com> wrote:

> Hey, nice last name! I've got the same as a first!
>
> Yes, the list is still active, just not all the time.
>
> ⁣Sherwood McGowan
> VOIP Engineer &  Consultant
>
> This email was sent via a mobile device. Please pardon misspellings,
> strange syntax, and other possible issues arising from using a mobile
> device. ​
>
> On Jan 24, 2017, 11:40 AM, at 11:40 AM, Steven Sherwood 
> wrote:
> >Just sending this out as a test message as I've stopped receiving the
> >list as of December 8...
> >___
> >pfSense mailing list
> >https://lists.pfsense.org/mailman/listinfo/list
> >Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>



-- 
--
Gé
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Monitor (RRD) all 0 data on 2.3

2016-04-21 Thread Weijers 
Never mind, removing the .rrd files and waiting for an update seems to have
done the trick.
Is there a reset command somewhere (except "rm *.rrd")

Gé

On Wed, Apr 20, 2016 at 10:53 PM, Gé Weijers <g...@weijers.org> wrote:

> Hi,
>
> I just performed a clean install of 2.3 on an AMD64 PC. Everything is
> fine, except that monitoring shows all 0 data for all categories (traffic,
> memory use, etc.). All the graphs are horizontal, and all the measurements
> are 0. Is there a way to figure out what's going on?
>
> Gé
>
> --
> --
> Gé
>



-- 
--
Gé
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] Monitor (RRD) all 0 data on 2.3

2016-04-20 Thread Weijers 
Hi,

I just performed a clean install of 2.3 on an AMD64 PC. Everything is fine,
except that monitoring shows all 0 data for all categories (traffic, memory
use, etc.). All the graphs are horizontal, and all the measurements are 0.
Is there a way to figure out what's going on?

Gé

-- 
--
Gé
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Weijers 
On Fri, Oct 11, 2013 at 11:13 AM, Walter Parker walt...@gmail.com wrote:


 2) NSA forces pfSense to put a backdoor in the software. Tells pfSense to
 be quite about it.


The problem with doing that to open source is that it's easy to verify that
it happened (especially after someone provides an anonymous hint). It's
hard to keep secrets these days.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Weijers 
Some people in this discussion assume that the principals of ESF could not
be forced to lie by the US government, under threat of lawsuits, financial
ruin, incarceration and not seeing their children grow up. I find this
assumption awfully naive.

I think it's unlikely that ESF was even asked to cooperate, but I don't
believe a denial is all that useful under the circumstances, and asking for
it again and again is obnoxious.

Gé


On Wed, Oct 9, 2013 at 10:07 AM, Jeppe Øland jol...@gmail.com wrote:

  I also understand your point though, since the software is OSS, it
 should
  be fairly easy to check for backdoors :)
 
  Yes, you *could* check. But does anybody? Check the *entire* code and
  get the big picture?

 Realistically speaking, that wouldn't be enough anyways.

 What is the percentage of pfSense users that download source and build
 it themselves vs. download the prebuilt binary?

 Regards,
 -Jeppe
 ___
 List mailing list
 List@lists.pfsense.org
 http://lists.pfsense.org/mailman/listinfo/list




-- 
Gé
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Anyone here used Netgate hardware for home use?

2012-05-04 Thread Weijers 
On Thu, May 3, 2012 at 11:50 AM, justino garcia jgarciaitl...@gmail.comwrote:

 Anyone here used the Netgate m1n1wall 2D3 / 2D13 Blue?
 Does this unit run the full version of PFSense, and is 256 MB for a home
 office deployment enough?


I use a 2D3 with pfSense 2.0.1 (1.2.3 before that). It's a lot better than
any of the consumer hardware I used before. Memory use is under 50%,

I use one interface for WAN, one is connected to two wireless access
points, and one is attached to an HP smart switch (1800-8G) that's set up
with two VLANs. This configuration has given me no problems whatsoever. I
use a 2GB industrial SLC CompactFlash card, I don't trust the ones Netgate
sends out in their kit.

-- 
Gé
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] Question: less noise in the logs

2012-02-16 Thread Weijers 
Hi,

I''ve tweaked my rule sets to lower the amount of noise in the
firewall logs. Mostly that works.

I'm seeing a fair number of entries looking like this:

Feb 16 08:32:27   LAN    192.168.21.134:56385   173.194.XX.XX:443   TCP:FA

It looks like a browser is trying to close a stale connection which
has already timed out in PF. I've tried to create a rule that matches
the TCP FA flags, but that does not seem to work. Whatever you set in
the
Advanced section for the TCP flags: the rule I get is this:

  block return in log quick on bridge0 inet proto tcp from
192.168.21.0/24 to any flags S/SA label USER_RULE: Reject stale FA/FA
packets

I'd expect FA/FA, which is what I specified.

This is 2.0.1, BTW.

--
Gé
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list