Service Watchdog is a useful one to keep service up. Also mail report.
I've had some issues with the Tailscale service just stopping, and with me using that to access the devices behind CGNAT, that's kind of a problem. I worked around this by making a cronjob restarting the service every so often as a quick fix, but this is much better. I must have missed this package whenever going through the list to see if there's something interesting to find.
Ima try it, thanks!
Which should NOT be needed!
Great to get this update, and glad to realize this matches my experience. I wish you could dig a bit deeper as to why DNSBL is not relevant anymore and what could be used as a replacement, especially in a home environment with kids.
It's fairly easy these days to tell a web browser to use a different DNS, so if one uses a block with the DHCP specified DNS, the end user can simply tell the browser to use a different DNS service. It's a little hard to change DNS at the system level, but not too difficult. I still use a local DNS via "Adguard Home", however it's not for parental controls, it's to limit DNS requests going to the internet by doing forced caching, and to re-write certain requests such as keeping NTP requests local.
For parental controls, you will need to go deeper to really lock down the device; simple DNS blocking is easy to get around.
Also DoH in browser bypasses traditional DNS, which is why endpoint DNS is preferred when the device needs to be managed and monitored.
Watching this Channel since.. 2017 or something.. Thanks Lawrence for everything!
As always, absolutely awesome alliteration. 😎
Thanks for the pfsense pkg update Tom!
Thanks Tom! Nice package review 👍
Thanks for the update Tom!
I don't use it, but the CrowdSec package is probably something people will want if they host anything externally.
I hope they can add support for WAF alongside HAProxy.
Cron can be useful if you want to schedule e.g. a reboot at a certain time.
Cheers from Australia.
Wish pfSense had a proper supply chain presence here.
What do you mean? Just download it, right?
Great again Lawrence!
What do you think of Zen Armor solution?
Dear Netgate, why is the patcher not installed by default?
I agree
The same reason we have a manual updater and not an auto-updater, obviously. Everything in that plugin is opt-in manual administration based and just having a plugin does nothing useful.
@@Mr.Leeroy That makes no sense! The patches should have been normal system updates, which should be done regularly, same as any operating system in this world. Instead of relying on installing a package to install the updates?? (patches)
I have been using pfSense on and off for almost 2 years and I never had an idea about the patches packages till seeing this video, and I'm kind of a tech nerd, let alone other people who are less nerdy?
Netgate needs to fix this issue and make the patches normal system updates IMO.
Also, thank you Lawrence for the video.
@@yahyoh91 Patches are not updates. They may contain a couple of hotfixes until an update comes, but that's only a fraction of their use cases, which are mainly dev or admin tuning functionality.
If you are hoping for a faster and less attended rolling release, that's not happening since the project is built around FreeBSD, which has the opposite in its core philosophy.
I use cron for enabling hardware offloads on passthru NICs in a VM
I love Traffic Totals. My only problem with it is that whenever there is an unclean shutdown the data seems to get corrupted and the only way I've found to fix that is to reset graphing data (lose it all).
That should be easy to avoid if everything goes as expected, but after numerous power outages and brownouts I finally had to get a UPS.
After that my SSD started dying and caused it to crash numerous times before I realized what was happening.
Then I virtualized it so I can spin it up on a different physical host just in case, and then had a stick of RAM going bad and crashing the system.
So I now have two PCs running Proxmox, both with mirrored ZFS boot pools, both on UPSs, in part to keep my router running through power and equipment failure. 😞
I have Cron installed to launch the QEMU Guest Agent on boot.
Thank you for all your information.... It is always very informative... I have a quick question... I was hoping to run by you... Would you happen to have any recommendations for Hyper-v cloud hosting services? Or do you offer hosting of hyper-v servers? Thank you very much
I don't ever use Hyper-v
@@LAWRENCESYSTEMS Thank you...
Would it be possible to explain package choices between a first-time or home setup, a paranoid setup, and then for a business that wants to put money where it matters, such as an HA or large hardware cost setup?
By chance, do all of these packages exist and get set up the same way in OPNsense? I really like all of your content, appreciate you!
I purchased a couple Netgates, I wanted to love pfSense but honestly the way they do VLANs and interfaces is so confusing to me. I wish it was easier to use.
Let us know if you have specific questions. I found it straightforward. My job is networking and firewalls related, not pfSense.
Take a breather, maybe read a bit more about VLANs and try again. Once you get the hang of it, it's just as easy as any other implementation.
It seems pretty straightforward to me as well. 🤔
Thank you!
Watched even though I use OPNsense :) appreciate the time you put into this
Thanks
I'm using Pi-hole and have a firewall rule set up which forwards all outgoing DNS to Pi-hole (except Pi-hole itself^^). But I don't know if this is sufficient in all cases, at least it seems to work for me and blocks lots of ads. Of course, for forwarded requests the router IP shows up in the Pi-hole log.
Hmm "NSFW_LAN". Does that connect to a NSFW directory of photos and videos on the NAS? 🤭
Why wasn't NUT mentioned?
I almost never use it. If you're using ZFS suddenly losing power is not really an issue.
Is the issue with Zabbix this use case, or Zabbix in general?
I was evaluating Zabbix for monitoring a large deployment.
Zabbix is great, but I just don't use it anymore.
Can HAProxy work like Squid proxy? I use Steam cache now and apt cache and it has worked pretty well, but I feel it's harder to set up than HAProxy probably would be.
No
I used ntopng a few months back but I found out it was writing a LOT of logs and was killing my NVMe 😰
What about ZeroTier? Is that available on pfSense yet? I keep finding old posts (2+ yrs) that all say no official package.
nope
Perfect!
What proxy would you suggest one use... now that I have removed Squid from my pfSense? We need a proxy.. not for caching or filtering (although this would be a plus if it did) but we need it for logging....
I don't suggest any due to the issues that come with them. We use an endpoint tool on each client machine to monitor and manage web sites.
@@LAWRENCESYSTEMS Which endpoint tool is it? Does it have a management console? Is it open source? Thanks in advance for the guidance.
@@diegogarriz3857 We currently use Zorus and I am not aware of any good open source alternative.
What do you recommend if you don't like Snort?
Since most traffic is encrypted, IDS systems are much less useful here in 2024.
What are y'all using outside of Zabbix?
Auvik
Sir, I am trying to install pfSense on my Cyberoam CR-15iNG firewall.
After installation, when booting from SSD it's giving the error
bios drive c: is disk 0
Can anyone help me? I am in very much trouble 🙏 pls help
Avahi!
Were these particular packages proposed in order of their propensity to perform? Or just random order? 😂
Anyone else think the little hand icon on the thumbnail was flipping the bird? Thought it was another video about opensense *rim shot*
What does Zabbix have to do with Squid?
Nothing, I just don't use Zabbix anymore and I don't recommend anyone use Squid.
Awesome
Damn the timing of this video haha
If I want to create a filter for Kids @home, which packages or setup would you recommend?
freeradius3, wireguard, tailscale, service watchdog, pfblocker, openvpn client export ❤
Wan IP address…
First
You have replaced Zabbix with Uptime Kuma?
Essentially yes but Uptime Kuma does not have near the same features as Zabbix, but I also did not really need all those features.
@@LAWRENCESYSTEMS thanks for the reply