I am confused... I thought this thread was about the place you put your ass not your rigs.
Also a state table that large... I guess if you got the RAM it doesn't matter, but I doubt you would ever be able to fill even half of it. And I have my own personal feelings about Hyper-V. If the domain controller is on the same box and I very much hope that is the base OS doing it and not in a VM...
And just some quick notes.
Installed Packages:
HAVP Antivirus -- Last I saw can't do scanning of SSL connections. (Makes sense.)
Snort 2.0, -- Good, the rules for my office are strict and set to block offenders indefinitely.
Country Block (helps a lot with spam) -- Found this to be a poorly implemented hack last time I checked it out.
Squid -- I guess if you are sharing that connection with a bunch of people and want to do some content filtering.
BandwidthD -- Hit or miss, but if it does work has some decent info.
OpenVPN -- Part of the base install
Anyterm -- Cool concept, but I am never without an SSH client.
Widescreen Dashboard (A MUST) - Meh, I don't spend much time there.
Also the QoS is great when you know what your connection will be, but it seems in this day of Comcast speed boost, and the like, it seems this comes out to a bit of a wash. But if you have a guaranteed speed leased line it makes this more valuable.
Has fites ever thought about RemoteFX for our friends who might want to come to the LAN but don't have the PC capable?
As a group. No. We already have plenty of stuff to manage. 
Holy critique. I guess I misinterpreted the point of this thread. Is there a rig thread? I'll move the post.

I agree with the state table, but after I saw how much RAM the system used after it was up and running, it doesn't hurt. It's like... why not? It's RAM just sitting there. We've gotten it up to a million before, but it took 12 of us all running several torrentz with tens of thousands of seeds. She didn't even hiccup. In comparison we managed to crash the very first pfSense I ran with a 500MHz P2 and 512MB of RAM. That only took four of us haha.
HTTPS virus scanning would require a device that scans at Layer 7. Something like Untangle, I believe, does it. But that thing's a Ford Fiesta compared to the rocket ship that pfSense is. Its state table is hard coded @ 10k. Know what happens if even one person opens up the Steam server browser while behind an Untangle box? Your internet goes to crap. chr0n0splooge runs it at his house. No thanks. HAVP does return more false positives. But then again pfSense wasn't meant as a UTM.
Country block works well. On default it cut down on spam 90%. I have found that the default lists are sometimes out of date. I had the idea of downloading the list, extracting them to pfSense. If I was a little more fluent with *nix/BSD I'd set up a cron job to do it every so often, but I didn't think it was worth the effort. I've since lost the address to the site that provides these. Same for Squid, whose lists can be outdated.
Yes, I'm using Squid for filtering content. It's really just there to "have". It also acts as a webcache (hence the 120GB HD) which I guess helps out a little on Tuesdays with all the VMs and actual physical machines I have here pulling updates.
BandwidthD and Darkstat (I switch between the two) give great information. The g/f's PC is always in the lead. She streams Netflix nonstop.
I use Anyterm because I'd rather not open a direct SSH port over the internet. I hardly ever use it anyway.
Whether you spend a lot of time in the dashboard or not, the widescreen package is a MUST. It allows you to display a lot more information. There's really no reason to NOT have it if you use widescreen monitors.
I don't have Comcast speed boost. I have FiOS. There's no throttling or some gimmicky speed increase. I have the 15/5 plan and CONSISTENTLY get 20/10. The g/f can stream Netflix, the VM server can download torrents, and I can play BC2 with no lag at all.
Hyper-V I have my gripes with. In reality I'd like to use ESXi, but at the time of setting all this up initially I had no exposure to it. It's done everything I ever needed it to do. I use ESXi at work and I like it better, but at this point it would take entirely too much effort and time to convert everything. It works the way it is and honestly wouldn't really work any better with ESXi. Besides, the host server also doubles as a NAS and I refuse to virtualize a NAS.
Not sure what your gripe is about a virtualized domain controller. I don't have the infrastructure or care to have the electric bill associated with all the things that I know I should be doing. This is recreational home stuff, although I try to keep as many enterprise standards as possible assuming they don't interfere with anything around the house. I save that stuff for the servers and network I manage at the job. I do this all day. I try to keep it close, but really let a lot of things slide here at home.
Regardless, I have a disaster recovery plan in the event anything happens. In all honesty I wouldn't even implement it. It's not worth the trouble. Nothing I do here is THAT important. But it does exist and would work if I decided to go down that path. Nothing here is that mission critical. You can rest assured my DR plan was out and ready for work this past weekend, in case a tree fell on the office and rain got it or something and burned the place down, who knows.
But ty so much for the critique, I like to stay on top of things. Any other questions?