Menu
What's new
By:
Filters Better Search

Using pfSense with a L3 core switch

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Yes, but there was a bug so I switched to DNS Forwarding which was patched in version 24.03. So now I switched back.
forum.netgate.com

Unbound - CVE-2023-50387 and CVE-2023-50868

Was just reading about CVE-2023-50387 which seems to affect all DNS resolvers that support DNSSec. It seems NLnetlabs has released an Unbound patch today. ht...
forum.netgate.com forum.netgate.com
 
Last edited:
I haven't made the upgrade yet. Waiting for a suitable slot at home.
 
Yes, my wife went on a trip with her best friend so I had plenty of time to test but it turns out I did not need it. I was up and running in under 10 minutes. It was probably faster but I forgot I had to log in again as it kept telling me it was not ready so I waited.
I tried my monitor but it would not sync as it has been turned off too long. It takes a reboot to sync the monitor and of course you cannot reboot during an upgrade. Next time I will have the monitor working before I upgrade. Just so I can watch the progress.
 
Last edited:
Upgraded today to 24.03. Pretty uneventful. Interface seems a bit snappier though and i also have the impression that the HAproxy pass-through is a bit faster. Had a small issue with accessing my cloud-server but it seems an entry i had to change with a previous upgrade needed to go back to the original setting.
 
So, I came across these settings. I am trying them. Except I don't run pfblocker. I have an ACL to allow only QUAD9 DNS out. Any comment? I am not sure what enable Python would do for me if I don't run pfblocker.

This should help

System / General Setup

  • DNS Servers: Provide resolvers of your choice
  • DNS Resolution Behavior: Use local DNS (127.0.0.1), ignore remote DNS Servers
Services / DNS Forwarder

  • Leave disabled
Services / DNS Resolver / General Settings

  • Untick 'Enable DNSSEC Support'
  • Tick 'Enable Python Module'
  • Tick 'Enable Forwarding Mode'
Services / DNS Resolver / Advanced Settings

  • Tick 'Query Name Minimization'
  • Tick 'Prefetch Support'
  • Tick 'Prefetch DNS Key Support'
  • Untick 'Harden DNSSEC Data'
Firewall / pfBlockerNG / IP / IPv4

  • Disable any lists you don't use (these can incur a significant performance hit)
Firewall / pfBlockerNG / IP / IPv6

  • Disable any lists you don't use (these can incur a significant performance hit)
Firewall / pfBlockerNG / DNSBL

  • Tick 'DNSBL Blocking'
  • Tick 'CNAME Validation'
Firewall / pfBlockerNG / DNSBL / DNSBL

  • Logging / Blocking Mode: Null Blocking (no logging) or Null Blocking (logging)
 
Last edited:
You must log in or register to reply here.

Similar threads

D
VLAN Config Query using pfSense and Unifi
Replies
18
Views
1K
awediohead
A
A
Confused about subnets and vlans
Replies
11
Views
1K
sfx2000
sfx2000
Maverick009
Upgraded Opnsense Firewall Router hardware
2
Replies
36
Views
3K
Maverick009
Maverick009
slackjaw99
pfSense vs. OPNsense AFA offloading logging, database etc to other hardware
Replies
4
Views
1K
coxhaus
C
Maverick009
Alternative to pfsense/Opnsense
3 4 5
Replies
87
Views
11K
marktim
M
Similar threads
Thread starter Title Forum Replies Date
C Using 2 routers (no bridge), DDNS configuration not working Routers 3
B Long shot but worth a shot? WFH using CISCO phone audio delay 5-10 seconds Routers 1
C Pfsense wins awards Routers 34
GHammer pfSense No More Without Paid Version? Routers 116
C Pfsense with newer CPUs Routers 22
C Att Fiber bypass for pfsense Routers 1
slackjaw99 pfSense vs. OPNsense AFA offloading logging, database etc to other hardware Routers 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 915 (members: 34, guests: 881)
Top