pfSense Configuration Guide - Zero to Hero!

  • Published 17 Dec 2024

Comments • 109

  • @Jims-Garage
    @Jims-Garage 2 months ago +3

    OPNSense Playlist, covers all of this: th-cam.com/play/PLXHMZDvOn5sVAhOGZOUVk5Hfk0k1q-It2.html&si=zM9GAcIwvzkMnH0P

  • @chrisumali9841
    @chrisumali9841 a month ago +1

    Thanks for the demo and info. Another great, fantastic video, Jim. Have a wonderful day

    • @Jims-Garage
      @Jims-Garage a month ago

      Thanks, you too!

  • @atraxotoxin3840
    @atraxotoxin3840 2 months ago +3

    Been working with pfSense for about 4 years now, absolutely love it. Just remember to back up your configuration often. Trust me, it will save you a lot of headaches when you break things, and you will. It just comes with the territory.

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      Absolutely agree. I also do VM backups and snapshots to limit downtime.

    • @elminster8149
      @elminster8149 2 months ago

      You can use Autoconfig Backup under Services. Make sure to keep a copy of your device key in a secure location.

    • @atraxotoxin3840
      @atraxotoxin3840 2 months ago

      @@Jims-Garage yeah, me too. Unfortunately I had to learn the hard way. A couple of years ago my SSD died and at the time I didn't back anything up, so needless to say I had to start completely over. So now I send backups to another device about every month or two, and take regular snapshots about every 3 to 4 weeks or so. But if I'm working on a project I'll take a snapshot before I make any drastic changes.

  • @derglatzi1725
    @derglatzi1725 2 months ago +1

    Thanks for the great video. I really appreciate seeing a detailed insight into IDS and IPS. Cheers

    • @Jims-Garage
      @Jims-Garage 2 months ago

      My pleasure!

  • @P.J.McLaughlin
    @P.J.McLaughlin 11 days ago +1

    Subscribed! This is the content I have been looking for regarding pfSense. I have been wanting to set up VLANs in the homelab to separate various networks (IoT, guest, 3D printers etc.). Knowing just enough to muddle around with a home network and usually lock myself out gets to be frustrating.

    • @Jims-Garage
      @Jims-Garage 11 days ago

      Awesome, thank you!

  • @guillermogalvez1871
    @guillermogalvez1871 2 months ago +1

    OMG, thank you so much! Your video is the only one so far that made Nord work for me.

    • @Jims-Garage
      @Jims-Garage 2 months ago

      Glad I could help!

  • @zcavaleiro
    @zcavaleiro 2 months ago +2

    Thanks for sharing your work!

    • @Jims-Garage
      @Jims-Garage 2 months ago

      My pleasure!

  • @HunterHarris.
    @HunterHarris. a month ago +1

    Thank you! I couldn't for the life of me get WireGuard working. I have it set up with Cloudflare DNS now thanks to your video!

    • @Jims-Garage
      @Jims-Garage a month ago

      @@HunterHarris. You're welcome

  • @PocketRocket-u2r
    @PocketRocket-u2r 2 months ago +1

    Yes... a video deep dive into Snort IDS/IPS setup would be awesome, especially working towards enabling blocking. Great pfSense series BTW

    • @Jims-Garage
      @Jims-Garage 2 months ago +2

      @@PocketRocket-u2r thanks! The key problem is that it won't see HTTPS traffic regardless, which is probably 90% of everything... Might be worth putting on a LAN or NAS vLAN.

  • @Sli3py
    @Sli3py 2 months ago +2

    Awesome video as usual, very informative and easy to follow along. I have been waiting for this pfSense part 2 for a looong time haha! Thank you so much for uploading the vid, cannot wait for the next one.

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      @@Sli3py thanks!

  • @mikescott4008
    @mikescott4008 2 months ago +1

    Thank you for the video :)

    • @Jims-Garage
      @Jims-Garage 2 months ago

      My pleasure!

  • @rediffusion7996
    @rediffusion7996 2 months ago +2

    It was superb

    • @Jims-Garage
      @Jims-Garage 2 months ago

      @@rediffusion7996 thanks 👍

  • @gp2254
    @gp2254 2 months ago +1

    Love the content Jim! I would love to see some videos on how to get started with Grafana and Prometheus in terms of monitoring my Dell Poweredge, Unraid servers and lastly my Proxmox host. Look forward to your next video mate! Cheers

    • @Jims-Garage
      @Jims-Garage 2 months ago

      Thank you! Check out my logging and monitoring series: th-cam.com/play/PLXHMZDvOn5sWn-pvF3KcUfyZKZpD7q8IJ.html&si=LeLlfiqbVLTucER4

  • @mistakek
    @mistakek 2 months ago

    And yes, an in-depth IDS/IPS pfSense video would be great.

  • @TantissTheEmperor
    @TantissTheEmperor 2 months ago +1

    Very cool vid, and yes I might be interested in an IDS/IPS deep dive video :D

    • @Jims-Garage
      @Jims-Garage 2 months ago +2

      Noted! Unfortunately both OPNSense and pfSense are quite limited in that respect as they can't do HTTPS traffic.

    • @TantissTheEmperor
      @TantissTheEmperor 2 months ago

      @@Jims-Garage maybe with Netify? Which is an open source DPI compatible with pfSense.

  • @BenReese
    @BenReese 2 months ago +1

    Fantastic video! I've been using pfSense for a couple years and learned some good stuff here. My biggest struggle right now is port forwarding across a site-to-site VPN. Just can't seem to wrap my head around the firewall rules to allow that to work. My goal is to host game servers at home, but have those more or less "proxied" through a Google Cloud hosted pfSense machine. I'll keep working on it and maybe apply some of the learnings from this video. Open to suggestions though!!

    • @Jims-Garage
      @Jims-Garage a month ago

      Thanks 👍 I assume you're following the official docs? I might cover this in a future video

    • @BenReese
      @BenReese a month ago +1

      @@Jims-Garage Oh, are there "official docs" on port forwarding across a VPN? I'll have to check. No, I haven't found much detail on it, but also haven't tried in a few months. I'll have to pick that project back up soon.

    • @Jims-Garage
      @Jims-Garage a month ago

      @@BenReese if you follow the docs for site to site it should work

  • @RonnyNussbaum
    @RonnyNussbaum 17 days ago +1

    Thanks for all your videos ❤
    Is this one not in HD?

    • @Jims-Garage
      @Jims-Garage 17 days ago

      @@RonnyNussbaum you're most welcome. It is available in 4K, be sure to click the cog.

    • @RonnyNussbaum
      @RonnyNussbaum 17 days ago

      Thank you. I did, but it shows as “unavailable”.

    • @RonnyNussbaum
      @RonnyNussbaum 17 days ago +1

      I sampled some of your other videos and they come in HD. Just not this one. Odd.

    • @Jims-Garage
      @Jims-Garage 17 days ago

      @RonnyNussbaum strange, it's giving me the full list of options.

    • @RonnyNussbaum
      @RonnyNussbaum 17 days ago +1

      @@Jims-Garage Figured it out. It’s only switching to lower resolution on my iPad. Fine on other devices. My iPad is one generation older than the current version. Weird.

  • @project_mini_hero
    @project_mini_hero 2 months ago +1

    Chet Jim, great content as usual. You are one of the Goats!! Did not know you were Could you do a review of Wazuh next?

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      @@project_mini_hero thank you! It's on the to-do list

    • @project_mini_hero
      @project_mini_hero 2 months ago +1

      @@Jims-Garage Thanks for replying, I also have another idea here. I do not recall if you use Grafana in your stack for logging, but if you do, could you do a video on collecting logs using Grafana Alloy, seeing Promtail will be deprecated?

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      @@project_mini_hero I've covered logging extensively in a 2 part video but I haven't done alloy. Will look into it

  • @JavierPerez-fq2fi
    @JavierPerez-fq2fi 2 months ago +1

    Outstanding job Jim! Never watched a video about pfSense (I have the fork version, OPNsense) but it was easy to follow although networking, VLANs and so on are tough topics...
    Thanks for putting so much effort to share all your wisdom to the world :)

    • @Jims-Garage
      @Jims-Garage 2 months ago

      Glad you enjoyed it! Thanks for leaving a comment.

  • @Kehf27
    @Kehf27 23 days ago +1

    Hi there. Thank you for your insightful tutorials. I believe there might be an error (around minute 43+) in your Win client Interface configuration. The address there should be 10.0.0.2/24 instead of 10.0.0.1/24.

    • @Jims-Garage
      @Jims-Garage 22 days ago

      Thanks, I'll take a look. It was a complex video and it's possible I've missed something...

  • @DigiDoc101
    @DigiDoc101 2 months ago +1

    Thank you for this. Great work! This is the first I've seen a NordVPN setup. You have set it up across all LANs. I wonder if there is a way to specify it as a gateway. Also, there is no mention of a kill switch mechanism. Maybe through packet tagging, not sure.

    • @Jims-Garage
      @Jims-Garage 2 months ago

      I specify it as a gateway for WireGuard (check the video). That should function as a kill switch: if the gateway isn't available the traffic goes nowhere.

  • @tfontmusic
    @tfontmusic 26 days ago +1

    Any chance we can get a video using PFSense and a reverse proxy (preferably HAProxy since it’s baked into PFSense) for your home services? Bonus points if you setup Let’s Encrypt as well!

    • @Jims-Garage
      @Jims-Garage 26 days ago +1

      Thanks for the suggestion, I might do. I currently do everything through Traefik in Kubernetes and Docker

    • @tfontmusic
      @tfontmusic 26 days ago

      Whichever reverse proxy you use I think could make a great learning video! I said HAProxy since it’s available in PFSense but either is fine!

  • 2 months ago +1

    great video!! now, given your previous experience with OPNsense, and now that you've switched to pfSense, have you formed a preference for either firewall?

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      I'm still running pfSense behind OPNSense for evaluation. I find pfSense to be more intuitive but that's a personal preference. I am going to acquire a licence to Plus and see if that adds anything meaningful for my lab setup. My current thinking is that unless Wireguard performance is important, both are great.

  • @zyntax81
    @zyntax81 2 months ago +1

    Could you cover Traefik and pfSense with port 443/444 for internal/external access? Hairpin/NAT reflection is a pain to get working in pfSense. Split DNS is recommended instead, but that doesn't support port changing if I understand correctly.

  • @asis-vo1rx
    @asis-vo1rx 2 months ago +1

    Good video! Have you looked into Suricata instead of Snort for IDS/IPS? Curious what your opinion is on it.

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      Thanks! I haven't, both are pretty useless for WAN traffic regardless due to HTTPS. You're better off with an EDR solution or proper web proxy if you're concerned about web traffic. For hosted services, Crowdsec is the way to go IMO.

  • @royprice931
    @royprice931 16 hours ago +1

    Can pfSense go between the cable modem and the router, or does it have to be set up as a bridge to do that?

    • @Jims-Garage
      @Jims-Garage 16 hours ago

      @@royprice931 all depends on what you have. In most cases the modem and router are provided as one by the ISP. I suspect you'll need to put your modem in bridge mode and connect it to pfSense.

  • @cyrilpinto418
    @cyrilpinto418 2 months ago +1

    Hi Jim; great video as always. What I couldn't get is, if VLAN 20 and 40 are just virtual systems (not physical devices like IoT, cameras, office laptops etc.), why do they need to be configured on the switch itself? Does that mean one has to have an individual physical port for each virtual VLAN (i.e. no underlying physical device) created in Proxmox / pfSense?

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      No, it's just that whichever port is used (you can have multiple VMs on a single port) has to understand the VLANs (tagged).

    • @cyrilpinto418
      @cyrilpinto418 2 months ago

      @@Jims-Garage thanks for the reply; atm I have a physical NIC (and created a Proxmox VMBR without it being VLAN aware), connected to a MikroTik hEX (with VLANs). This is being used as the parent interface to segregate physical IoT, office, cameras etc.
      I have also created another VLAN-aware VMBR in Proxmox, albeit without it being connected to a physical NIC port. I have created 3 VLANs on pfSense, and CTs/VMs on Proxmox with respective VLAN tags.
      Not sure if this is the right way. Or should I make the physical NIC / bridge VLAN aware, then have all 7 VLANs trunked to the hEX?
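The layout the two comments above describe (one physical NIC trunked to the switch, a VLAN-aware Proxmox bridge on it, pfSense as a VM seeing the tagged VLANs, and other VMs attached with a tag), written out as an added example. It is not from the video or from either commenter; the interface names (eno1, vmbr0), the management VLAN 10 with its addresses, the VM IDs and the MAC addresses are assumptions, while VLAN IDs 20 and 40 come from the thread.

```conf
# --- /etc/network/interfaces on the Proxmox host (assumed names/addresses) ---
# The single physical NIC is a trunk: the switch port facing it must carry
# VLANs 20 and 40 (and the management VLAN) as tagged. No separate physical
# port per VLAN is needed.
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

# Host management on its own tagged VLAN (assumed ID 10), so the hypervisor is
# not reachable from the IoT or camera VLANs and its gateway is pfSense.
auto vmbr0.10
iface vmbr0.10 inet static
        address 10.10.10.5/24
        gateway 10.10.10.1

# --- /etc/pve/qemu-server/100.conf (pfSense VM, assumed ID 100) ---
# No "tag=": the guest receives the frames still tagged and defines VLAN 20 and
# 40 itself on this parent interface. "trunks=" limits which tags reach it.
net1: virtio=BC:24:11:00:00:01,bridge=vmbr0,trunks=20;40

# --- /etc/pve/qemu-server/120.conf (an IoT guest VM, assumed ID 120) ---
# "tag=20": Proxmox strips/adds the tag, so the guest sees a plain untagged NIC
# that can only ever sit in VLAN 20. The same bridge serves every tagged guest.
net0: virtio=BC:24:11:00:00:02,bridge=vmbr0,tag=20
```

With this in place, VMs tagged 20 or 40 on the same host reach each other only through pfSense, and the switch must also carry 20 and 40 on the trunk port if physical devices (cameras, office laptops) are to join those VLANs. A second VLAN-aware bridge with no physical port, as the commenter built, works for guests that only ever talk to other guests on that host, but anything that must reach a physical device needs the trunked bridge.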

  • @mikescott4008
    @mikescott4008 2 months ago +2

    So which do you prefer, pfSense, OPNsense or Sophos? Each has their pros and cons.

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      @@mikescott4008 I find Sophos xg the easiest to use but the lack of WireGuard isn't great. pfSense has better WireGuard performance than OPNSense and I prefer its UI, but I'm still on OPNSense for the time. I will likely move to pfSense when I can be bothered.

    • @mikescott4008
      @mikescott4008 2 months ago

      @@Jims-Garage interesting and semi where I'm at too. I find pfSense easier than XG at the moment, but I've been out of the XG ecosystem for circa 12-14 months having moved to pfSense. OPNsense I've never gotten on with, and I find the pfSense+ instance I have quicker. I have OpenVPN, WG and IPsec VPNs configured. I have been tempted to set up a WG concentrator on a separate VM and run XG again. XG Home doesn't leverage the crypto either, sadly. The XG135 R3 unit I have can do QAT, which I've been using on pfSense+ along with DCO. Due to the size of my little network it prob makes little difference. I'm waiting for Toob to come into my area to then jump on their 900/900 offering rather than Virgin atm.
      I like exploring these options out of learning, as job wise I'm more on the normal infra stack: VMware, Microsoft, AD, MECM etc.
      I'm just considering OPNsense on the XG230 unit at the moment, but it's got v21 XG on it atm.
      The Let's Encrypt on Sophos XG will meet my needs anyway, as I've spun up a CA at home for all the internal stuff, which also gets away from the 90 day re-loading of certs..

  • @DrAlien23
    @DrAlien23 2 months ago +1

    Hi, great video
    I have a UCG Ultra right now connected to my modem and I tried switching it like this: ISP-pfSense-UCG-access points
    But in this scenario my pfSense only sees the UCG IP in logs and not the individual hosts connected to the AP. I want to monitor network connections in a SIEM. Can you suggest how I can overcome this?
    Thanks

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      Why do you want 2 firewalls?

    • @DrAlien23
      @DrAlien23 2 months ago

      @@Jims-Garage because I have a Netgate 1100 which cannot afford IDS/IPS; I tried multiple times but it doesn't work due to limited memory, so I want to use the UCG Ultra for that, and I invested in these 2 pieces of hardware now so thought of finding some way, but I'm not super with networking stuff.

  • @miguelfonseca9923
    @miguelfonseca9923 2 months ago +1

    Great video! Is there already a way of using MFA in VPN (either from pfSense or OPNsense) without entering the OTP+password / password+OTP when authenticating? It should be a 2nd phase separately, as it is in any other solution. Thanks

    • @Jims-Garage
      @Jims-Garage 2 months ago

      @@miguelfonseca9923 check out my NetBird video. You can integrate that with an identity provider and have MFA

  • @quocthaitran5400
    @quocthaitran5400 2 months ago

    Thanks for the great video. Could you do another video to cover QinQ (IEEE 802.1ad) VLANs on pfSense?

  • @PCMagikHomeLab
    @PCMagikHomeLab 2 months ago +2

    great vid! Maybe site-to-site on wg next time?

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      Sure, sounds like a good idea.

  • @jeffreyooi1971
    @jeffreyooi1971 14 days ago +1

    For IDS & IPS, there is another plug-in called Suricata... why not use it? Any difference between Snort and Suricata?

    • @Jims-Garage
      @Jims-Garage 14 days ago +1

      They're both pretty useless for anything internet related. Neither of them can inspect encrypted traffic.

    • @jeffreyooi1971
      @jeffreyooi1971 14 days ago

      @@Jims-Garage so which one do you recommend that can inspect encrypted traffic?

  • @mikescott4008
    @mikescott4008 2 months ago

    RE the NAT piece re WireGuard, I assume you're only doing that due to running a full tunnel setup? I'm still on pfSense, I started looking at v21 Early Access Sophos XG, but back here.. SDN is of interest on Sophos XG, but I am using multiple WAN, Virgin and 4G failover. I don't like the monitor IP option on pfSense as it essentially creates a static route underneath. Next thing I'll be doing re "homelab" is spinning up an internal CA and Let's Encrypt only for the pfSense box. WG for my iOS devices, OpenVPN for laptop and IPsec for s2s to other family firewalls.

  • @FilipeNeto616
    @FilipeNeto616 a month ago +1

    So you dropped Sophos for pfSense or OPNsense, right? If so, any particular reason why you dropped Sophos?

    • @Jims-Garage
      @Jims-Garage a month ago +1

      @@FilipeNeto616 initially because I couldn't get the Sophos xg to recognise my MS-01 NIC (you need to use the iso not KVM image). But I also gained the benefit of WireGuard on the firewall. Sophos still uses an ancient kernel

  • @sonny8085
    @sonny8085 2 months ago +2

    First 🙌

    • @Jims-Garage
      @Jims-Garage 2 months ago

      Haha! Yes, you win 🥇

  • @mikescott4008
    @mikescott4008 3 days ago +1

    Still using pfSense? I’m flipping between Sophos XG Home and pfSense+. Both running on XG135 R3 devices.
    Using IPsec for VPN services, s2s and for iOS etc

    • @Jims-Garage
      @Jims-Garage 3 days ago

      @@mikescott4008 still using OPNSense but testing pfSense. Working out if I can be bothered to switch

    • @mikescott4008
      @mikescott4008 3 days ago +1

      @@Jims-Garage Fair do :) Couldn't get on with OPNsense, every time I try it for a bit I switch.

    • @Jims-Garage
      @Jims-Garage 3 days ago

      @mikescott4008 pfSense makes more sense to me, but I've learned OPNSense now.

  • @IwanDavies
    @IwanDavies 2 months ago +1

    What's the additional hardware requirement from running Wireguard, OpenVPN and snort? I'm in a virtualised environment on Proxmox and looking to keep resource allocations as meagre as possible. Currently running pfSense with just 1 core and 512MB of memory (I know the reqts are higher), so wondering what I will need to tweak if I add snort and Wireguard?

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      @@IwanDavies snort you likely need about 6GB and 4 cores, WireGuard shouldn't need much. I'm very surprised that you can run pfSense long term and reliably with 512MB, the minimum requirement on their site is 1 GB.

    • @IwanDavies
      @IwanDavies 2 months ago +1

      @@Jims-Garage pfSense VM uptime currently clocking in at 193 days! (I've jinxed it now haven't I!) There's only two of us in the house but we both work from home, so there's a work vlan, home vlan and IOT vlan, plus all the usual streaming, etc. so a chunk of traffic running through it. The limiting factor is my Proxmox server which is an ageing Fujitsu entry-level tower server with a 4-core Xeon that only supports 32GB of RAM. I managed to get your K3s & longhorn tutorial running on it though! Just about got an nginx container running on that but it was struggling. Thx for the vid(s) & your reply!

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      @@IwanDavies that's amazing considering the hardware constraints, nice one!

  • @elminster8149
    @elminster8149 2 months ago +2

    Last I heard Kea DHCP was not feature complete, be cautious!

    • @Jims-Garage
      @Jims-Garage 2 months ago

      Thanks, wasn't aware of that. I'll read into it.

    • @emanuelpersson3168
      @emanuelpersson3168 2 months ago

      Kea is lacking a lot of stuff.

    • @emanuelpersson3168
      @emanuelpersson3168 2 months ago

      @@Jims-Garage Basic functionality is present in version 23.09, but the Kea implementation lacks the following DHCP server features:
      Local DNS Resolver/Forwarder Registration for static and dynamic DHCP clients
      Remote DNS server registration
      DHCPv6 Prefix Delegation
      High Availability Failover
      Lease statistics/graphs
      Custom DHCP options

    • @unmesh59
      @unmesh59 2 months ago

      @@emanuelpersson3168
      I've had problems with Kea as the DHCP back end and had to revert. Basically, I've had statically mapped clients sometimes get IP addresses from the DHCP server pool instead of the mapped ones.

  • @CrazyDriverSwed
    @CrazyDriverSwed 2 months ago +1

    If I choose to run pfSense in Proxmox, how should I keep Proxmox secure? I want Proxmox itself to be protected by pfSense and be able to download updates.

    • @Jims-Garage
      @Jims-Garage 2 months ago

      @@CrazyDriverSwed Proxmox connects to the virtual pfSense

  • @georgecaballero3405
    @georgecaballero3405 2 months ago

    Can you check how to configure the Python pfBlocker

  • @BartTech
    @BartTech 2 months ago +3

    Opnsense please! 😀

    • @Jims-Garage
      @Jims-Garage 2 months ago +2

      I have a complete playlist already on OPNSense covering all of this and more.

  • @anand-nb4bb
    @anand-nb4bb 2 months ago

    Hi bro, can you please make a step by step video on configuring pfSense OpenVPN with split tunnelling & configuring Ubuntu as a VPN client. Please, it's a request. Kindly reply

  • @infyrno
    @infyrno 2 months ago +1

    Do you prefer pfSense over OPNsense (newest version)?

    • @Jims-Garage
      @Jims-Garage 2 months ago +1

      Both pretty much the same. I prefer the layout of pfSense and its WireGuard implementation is faster but there are no absolute deal breakers.

  • @docmalitt
    @docmalitt 2 months ago +2

    Now kind Sir, you're talking my language. Unfortunately we all aren't in position to "hijack" the entire network for ourselves or our homelab and just tell the rest of the family to use neighbor's wi-fi (regardless if you're a "dad-in-charge".. when ever wife is kind enough to let you believe in such.. hmm, nonsense... or a "regular" part of a family) so thank you for this distinction. Let's rock'n'roll - for younger viewers then is the ONLY real genre of music and you poor young souls have no idea what you're missing. (The opinions are my own and not of my employer - pls don't send h8 and spread only love via these internet comments)

    • @Jims-Garage
      @Jims-Garage 2 months ago

      Haha, thanks Doc, rock on!