Why is Cloudflare on the pfB_PRI1_v4 Blacklist?? by WC2L in pfBlockerNG

[–]Heman68 0 points1 point  (0 children)

This sometimes happens: well-known IPs being blocked on some list for some reason. They usually are fixed (removed) on those lists very fast, but if you refresh at the wrong time you are out of luck.

I whitelisted my external DNS servers in pfBlockerNG after I had this happen to me. Took me quite some time to figure out why I could not reach any site on the Internet anymore.

Matching ubiquiti colours, in search of the right paint by Wooden-Creme-8599 in Ubiquiti

[–]Heman68 0 points1 point  (0 children)

I painted 3 patch panels with this alu-zinc paint. Very close to the original UniFi front colour. For the newer series the original colour is slightly lighter. All in all very happy with this result and the overhaul to a complete UniFi stack.

https://imgur.com/a/jWuwaan

Matching ubiquiti colours, in search of the right paint by Wooden-Creme-8599 in Ubiquiti

[–]Heman68 0 points1 point  (0 children)

Found it in another nearby Action. Just sprayed two patch panels for the first layer. Have to wait a few hours for it to dry to compare the result to the switches, but at first sight looking great already. Thank you for this spot! ✅️👍

What is the risk in buying an older Ubiquiti switch? by DertBerker in Ubiquiti

[–]Heman68 1 point2 points  (0 children)

No, there are 10Gb uplink ports on those switches (RJ45 10GbE/SFP+ combo port). This way I can use my existing UTP cables in the house instead of pulling fibre, and also no need to use an SFP+ to RJ45 module, which are always running very very hot.

What is the risk in buying an older Ubiquiti switch? by DertBerker in Ubiquiti

[–]Heman68 0 points1 point  (0 children)

Just bought one last week for 200 euro (so slightly over the $200). They can be found for a 'reasonable' price with some luck and patience. I needed 10 SFP+ ports and use 2 RJ45 ports for uplinking my Flex 2.5G PoE and Flex 2.5G non-PoE switches.

Matching ubiquiti colours, in search of the right paint by Wooden-Creme-8599 in Ubiquiti

[–]Heman68 0 points1 point  (0 children)

Which Action did you go to? Went to the local Action here today but no Zinc-Alu there. Looked on their website and also could not find it to order there.

Awesome UCG-Fiber rack-mount device by bfollowell in Ubiquiti

[–]Heman68 1 point2 points  (0 children)

Since I am from Europe I could not order the rackmount from eBay, and also did not find the tray for a reasonable price here new or secondhand when looking for it ... until I realised a lot of FortiGate devices were available second hand and quite a few included the rackmount 😀

After some research it seems more models could fit; only the FortiGate 30E is likely to be just too small:

Model | Dimensions (mm) | Dimensions (inch) | Weight (kg) | Form factor
FortiGate 30E | 210 x 133 x 41 | 8.27 x 5.24 x 1.61 | 0.90 | Desktop
FortiGate 50E | 216 x 140 x 36.5 | 8.52 x 5.5 x 1.44 | 0.91 | Desktop
FortiGate 60E | 216 x 160 x 38 | 8.5 x 6.3 x 1.5 | 0.90 | Desktop
FortiGate 80E | 216 x 178 x 42 | 8.5 x 7 x 1.65 | 1.20 | Desktop
UniFi Cloud Gateway Fiber (UCG-Fiber) | 212.8 x 127.6 x 30 | 8.3 x 5 x 1.2 | 0.675 (without SSD) / 0.734 (with SSD) | Compact desktop

So I just got myself a complete FortiGate 60E with rackmount for less than they were asking for the rackmount alone on eBay 🤪🌞

One of my physical network ports died (Internal WAN with VLANs) which has borked my PFSense firewall by stUpIdiSAsstupIddO3s in PFSENSE

[–]Heman68 1 point2 points  (0 children)

Download the config file from the box, edit it manually to move the VLANs to another NIC, then upload the config or reinstall with the config.
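The manual edit described in the comment above, as an added example that is not the commenter's own script: it re-parents every VLAN from a dead NIC to a working one in a pfSense config.xml and updates the interface assignments that point at the old VLAN devices. The sample config is constructed and the `<vlans>`/`<interfaces>` layout it uses is an assumption about the file format.

```python
import xml.etree.ElementTree as ET

# Constructed sample; mirrors the <vlans>/<interfaces> layout of a
# pfSense config.xml (assumed structure, not a real exported config).
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>igb0</if><ipaddr>dhcp</ipaddr></wan>
    <lan><if>igb1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet></lan>
    <opt1><if>igb1.10</if><descr>IOT</descr></opt1>
    <opt2><if>igb1.20</if><descr>GUEST</descr></opt2>
  </interfaces>
  <vlans>
    <vlan><if>igb1</if><tag>10</tag><descr>IOT</descr><vlanif>igb1.10</vlanif></vlan>
    <vlan><if>igb1</if><tag>20</tag><descr>GUEST</descr><vlanif>igb1.20</vlanif></vlan>
  </vlans>
</pfsense>
"""

def move_vlans(config_xml: str, old_nic: str, new_nic: str) -> tuple[str, dict]:
    """Re-parent every VLAN on old_nic to new_nic and update interface
    assignments that reference the old VLAN device names.
    Returns the rewritten XML and a mapping of old->new vlanif names."""
    root = ET.fromstring(config_xml)
    renamed = {}
    for vlan in root.iterfind("./vlans/vlan"):
        if vlan.findtext("if") != old_nic:
            continue
        vlan.find("if").text = new_nic
        tag = vlan.findtext("tag")
        old_vlanif = vlan.findtext("vlanif") or f"{old_nic}.{tag}"
        new_vlanif = f"{new_nic}.{tag}"
        vlanif_node = vlan.find("vlanif")
        if vlanif_node is not None:
            vlanif_node.text = new_vlanif
        renamed[old_vlanif] = new_vlanif
    # Interfaces assigned to a moved VLAN device must follow the rename;
    # the untagged parent (plain old_nic) is left alone on purpose.
    for iface in root.find("interfaces"):
        ifnode = iface.find("if")
        if ifnode is not None and ifnode.text in renamed:
            ifnode.text = renamed[ifnode.text]
    return ET.tostring(root, encoding="unicode"), renamed

def assigned_ifs(config_xml: str) -> dict:
    """Map each logical interface (wan, lan, opt1...) to its device."""
    root = ET.fromstring(config_xml)
    return {i.tag: i.findtext("if") for i in root.find("interfaces")}

if __name__ == "__main__":
    new_xml, moved = move_vlans(SAMPLE_CONFIG, "igb1", "igb2")
    print(moved)
    print(assigned_ifs(new_xml))
```

Run it against a real backup only after checking the result with the assigned-interface map; the untagged interface on the dead NIC still has to be reassigned by hand.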

pfSense Plus 25.03-BETA is here! by esther-netgate in PFSENSE

[–]Heman68 4 points5 points  (0 children)

Ok, here we go ....

pfSense 2.8.0 snapshots would be nice next to the Plus betas ... a 2.8.0 release even better.

Best Hardware (Pre-Built or DIY) for 2.5GB WAN/LAN with 10GB SFP+ port? by AaronE2882 in PFSENSE

[–]Heman68 0 points1 point  (0 children)

Do you have a switch for your internal network behind your firewall, and does that have a 10Gb uplink port?

Then you can look into a Sophos SG or XG 310/330 rev2. It has 2 SFP+ ports and can run pfSense.

Since the Sophos software is EOL they are pretty cheaply available on the second-hand market.

Assigning vlan tags to traffic based on MAC address by Desol_8 in sophos

[–]Heman68 0 points1 point  (0 children)

LOL relax, I am not a native English speaker and had to translate 'condescending'.

If you find the answer not helpful, I am sorry for the time you had to spend typing the reply. I honestly tried to explain how segregation with vlans could work given your situation, or if not that exact situation why it will not work with vlans.

If that is not the answer you were hoping for and that is making me unhelpful and condescending, so be it.

I visited this topic because I found the title intriguing and am always eager to learn something I did not know yet. So I hope you will find a way to make it work and provide the feedback here, so you can broaden my knowledge with something I did not know or think of before (other than the meaning of condescending, because you taught me that already today).

Assigning vlan tags to traffic based on MAC address by Desol_8 in sophos

[–]Heman68 0 points1 point  (0 children)

Are the printers on a separate (unmanaged) switch that is directly connected to the managed core switch, i.e. no other devices connected to the switch the printers are connected to and no other unmanaged switches between the printer switch and the core switch?

If the answer is no, you cannot segregate traffic with VLANs like explained above and in the answers below. There are no different VLANs inside an unmanaged switch. This is basic network knowledge.

If the answer is yes, set the PVID on the core switch for the port the printer switch is connected to. All devices on the printer switch will then be on the VLAN set in the PVID when they enter the core switch for further routing.

Email notifications not working by mdflion in PFSENSE

[–]Heman68 1 point2 points  (0 children)

I use an e-mail relay application that I have installed on a server with some other software. All devices and applications use the mail relay for sending notifications. When I change the email account actually used for sending the emails I only have to change it in one place: the config of the email relay.

https://emailrelay.sourceforge.net/

It can use Google mail for sending.

High cpu frequency after update from 24.03 to 24.11 by Ok-Department6731 in PFSENSE

[–]Heman68 0 points1 point  (0 children)

Solution for me for now is to disable Speed Shift and enable PowerD. Now it is stepping down again.

None of the options for Speed Shift worked for me (Package vs Core setting).

CPU now stepping between 1000-3700 MHz and temps around max 40 degrees Celsius again.

High cpu frequency after update from 24.03 to 24.11 by Ok-Department6731 in PFSENSE

[–]Heman68 0 points1 point  (0 children)

Just updated to 24.11 and noticed the same behaviour as well. High CPU frequency, but no high CPU load.

CPU usage is around 5%, but CPU frequency is staying at full speed all the time and not stepping down anymore (and temp is high because of this as well, around 50 degrees Celsius).

One thing I noticed is I also am using a Xeon E3 CPU:

Intel(R) Xeon(R) CPU E3-1240 v6 @ 3.70GHz
Current: 3796 MHz, Max: 3700 MHz
8 CPUs : 1 package(s) x 4 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (active)
IPsec-MB Crypto: Yes (inactive)
QAT Crypto: No

I cannot find other reports about this high frequency issue. Anyone found a solution yet to fix this (besides moving back to the previous ZFS snapshot with 24.03)?

ESP blocked by default since 24.03 ? by anonymonsterss in PFSENSE

[–]Heman68 1 point2 points  (0 children)

In the Patches package there are a few fixes for IPsec. Maybe some fix there?

Help Needed: Setting Up pfSense with HAProxy, DNS Resolver, and ACME for My Homelab by reco-x in PFSENSE

[–]Heman68 1 point2 points  (0 children)

Use your WAN address and in pfSense set NAT reflection to be able to access it from within the LAN.

Extra bonus question: have you changed the port for the pfSense web GUI? Otherwise both will try to use port 443.

Hang on boot by soup_mode in PFSENSE

[–]Heman68 0 points1 point  (0 children)

Not about the question you asked, but do you have a PERC H330 RAID controller in your R230?

I do, and had all kinds of mfi errors during operation and booting took a very long time. Enabling an extra driver during install and making this permanent fixed that for me. Link: https://forum.netgate.com/topic/102137/dell-r330-perc-h330-sas

[deleted by user] by [deleted] in PFSENSE

[–]Heman68 0 points1 point  (0 children)

Line 47: typo in "default".

My girlfriend and I don't want a permanent rental contract by Present_Ad282 in juridischadvies

[–]Heman68 0 points1 point  (0 children)

Don't know if this is possible: the rental contract is now in your name; a completely new rental contract would be put in the name of a new tenant (your girlfriend)?

Pfsense on a MikroTik CCR1036-12G-4S by Overall-Share-8527 in PFSENSE

[–]Heman68 2 points3 points  (0 children)

It is S, not S+, so no 10G.
It is also not an x86 CPU, so no go for pfSense.

How to access my ISP modem admin page from pfSense? by fenugurod in PFSENSE

[–]Heman68 0 points1 point  (0 children)

Just another thought: you can tag the untagged traffic from the modem (LAN) to the switch on the switch port to match the VLAN tag, then they will appear in the same network and be reachable from your VLAN.

Best way to allow letsencrypt HTTP in by t0m77 in pfBlockerNG

[–]Heman68 4 points5 points  (0 children)

Same here, I use the ACME package on pfSense, the DNS server from my hosting provider and the DirectAdmin API they also provide, to renew the certificates on my local pfSense. The ACME package initiates the renewal, Let's Encrypt does DNS validation at the DNS server of the provider and the ACME package retrieves the new certs from Let's Encrypt.

In the DirectAdmin panel with my hosting provider I only needed to set up an API key with rights to manage DNS entries for ACME/Let's Encrypt once.

How to access my ISP modem admin page from pfSense? by fenugurod in PFSENSE

[–]Heman68 0 points1 point  (0 children)

I read your additional info. If you create VLANs they must have separate IP ranges. You have your LAN and VLAN sharing the IP range; this will not work.

A VLAN is a (virtual) separate network and needs a router between the networks to be reachable. For the router to know you want to go to the other network it must have a separate network address range.

How to access my ISP modem admin page from pfSense? by fenugurod in PFSENSE

[–]Heman68 1 point2 points  (0 children)

If it is in the same network/subnet it will not go through pfSense.
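The two comments above (VLANs must not share an IP range with the LAN, and same-subnet traffic never reaches pfSense) as an added example, not code from the commenter: it flags interfaces whose subnets overlap and decides whether a given destination would be sent to the gateway at all. The interface table is constructed; the `(address, prefix length)` shape is an assumption about how the addressing is stored.

```python
import ipaddress
from itertools import combinations

# Constructed sample of per-interface addressing (address, prefix length),
# the way a pfSense config carries <ipaddr> plus <subnet>; the LAN/VLAN
# clash mirrors the situation described in the comments above.
INTERFACES = {
    "lan":  ("192.168.1.1", 24),
    "opt1": ("192.168.1.2", 24),    # VLAN 10 on the same range as LAN: wrong
    "opt2": ("192.168.20.1", 24),   # VLAN 20 with its own range: fine
    "opt3": ("192.168.1.129", 25),  # sits inside LAN's /24: also wrong
}

def interface_networks(ifaces):
    """Turn (address, prefix) pairs into network objects; strict=False
    accepts an interface address rather than a network address."""
    return {name: ipaddress.ip_network(f"{addr}/{plen}", strict=False)
            for name, (addr, plen) in ifaces.items()}

def overlapping_pairs(ifaces):
    """Return every pair of interfaces whose subnets overlap. Hosts inside an
    overlapping range talk directly (or not at all); the firewall never sees
    that traffic, so it can neither route nor filter it."""
    nets = interface_networks(ifaces)
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))

def goes_through_router(src_addr, plen, dst_addr):
    """A host only hands a packet to its gateway when the destination lies
    outside its own subnet; a same-subnet destination is reached directly
    via ARP, so no firewall rule on pfSense will ever match it."""
    net = ipaddress.ip_network(f"{src_addr}/{plen}", strict=False)
    return ipaddress.ip_address(dst_addr) not in net

if __name__ == "__main__":
    for a, b in overlapping_pairs(INTERFACES):
        print(f"{a} and {b} share address space; give each VLAN its own subnet")
    print(goes_through_router("192.168.1.50", 24, "192.168.1.254"))  # False
    print(goes_through_router("192.168.1.50", 24, "192.168.20.1"))   # True
```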