[pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
So I have public IPs, not NAT'd, on this box, 1.2.3, and I have blocked an IP on both WAN and LAN, any protocol, source and destination, and traffic is still passing for this IP. Any help?
Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
On Wed, Sep 22, 2010 at 5:33 PM, Chris Flugstad ch...@cascadelink.com wrote:
> So I have public IPs, not NAT'd, on this box, 1.2.3, and I have blocked an IP on both WAN and LAN, any protocol, source and destination, and traffic is still passing for this IP. Any help?

Traffic will never be sourced from and destined to the same IP.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
So what rule(s) would I add to block all traffic to this IP? I set up traffic shaping and set this IP to a 5k up/down but it's still much higher than that.

-chris

On 9/22/2010 2:39 PM, Chris Buechler wrote:
> On Wed, Sep 22, 2010 at 5:33 PM, Chris Flugstad ch...@cascadelink.com wrote:
>> So I have public IPs, not NAT'd, on this box, 1.2.3, and I have blocked an IP on both WAN and LAN, any protocol, source and destination, and traffic is still passing for this IP. Any help?
>
> Traffic will never be sourced from and destined to the same IP.
RE: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
Are you trying to block an external IP from internal network or internal IP from external network?

If IP to be blocked is external:
on WAN put Action=Block, Protocol=Any, Source IP=(your IP to block), Destination IP=Any
on LAN put Action=Block, Protocol=Any, Source IP=Any, Destination IP=(your IP to block)

If IP to be blocked is internal:
on LAN put Action=Block, Protocol=Any, Source IP=(your IP to block), Destination IP=Any
on WAN put Action=Block, Protocol=Any, Source IP=Any, Destination IP=(your IP to block)

Remember rules are processed in order top to bottom, so if allow all is on top, this will do nothing.

Ryan Rodrigue              P.O. Box 4336
Systems Technician         Houma, LA 70361
A A R Electronics, Inc     Phone (985) 876-4096
510 West Tunnel Blvd       Phone (800) 649-7346
Houma LA 70360             Fax (985) 853-1034
radiote...@aaremail.com    www.aarelectronics.com

-Original Message-
From: Chris Flugstad [mailto:ch...@cascadelink.com]
Sent: Wednesday, September 22, 2010 4:44 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic

So what rule(s) would I add to block all traffic to this IP? I set up traffic shaping and set this IP to a 5k up/down but it's still much higher than that.

-chris

On 9/22/2010 2:39 PM, Chris Buechler wrote:
> On Wed, Sep 22, 2010 at 5:33 PM, Chris Flugstad ch...@cascadelink.com wrote:
>> So I have public IPs, not NAT'd, on this box, 1.2.3, and I have blocked an IP on both WAN and LAN, any protocol, source and destination, and traffic is still passing for this IP. Any help?
>
> Traffic will never be sourced from and destined to the same IP.
Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
ryan, I set up the rules as you stated, both options, and the traffic is still going to and from this IP address :( Not sure what to do from here. Do I need to reboot the router? I reset the states, but have not rebooted yet.

-chris

On 9/22/2010 2:59 PM, Ryan wrote:
> Are you trying to block an external IP from internal network or internal IP from external network?
>
> If IP to be blocked is external:
> on WAN put Action=Block, Protocol=Any, Source IP=(your IP to block), Destination IP=Any
> on LAN put Action=Block, Protocol=Any, Source IP=Any, Destination IP=(your IP to block)
>
> If IP to be blocked is internal:
> on LAN put Action=Block, Protocol=Any, Source IP=(your IP to block), Destination IP=Any
> on WAN put Action=Block, Protocol=Any, Source IP=Any, Destination IP=(your IP to block)
>
> Remember rules are processed in order top to bottom, so if allow all is on top, this will do nothing.
>
> Ryan Rodrigue              P.O. Box 4336
> Systems Technician         Houma, LA 70361
> A A R Electronics, Inc     Phone (985) 876-4096
> 510 West Tunnel Blvd       Phone (800) 649-7346
> Houma LA 70360             Fax (985) 853-1034
> radiote...@aaremail.com    www.aarelectronics.com
>
> -Original Message-
> From: Chris Flugstad [mailto:ch...@cascadelink.com]
> Sent: Wednesday, September 22, 2010 4:44 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
>
> So what rule(s) would I add to block all traffic to this IP? I set up traffic shaping and set this IP to a 5k up/down but it's still much higher than that.
>
> -chris
>
> On 9/22/2010 2:39 PM, Chris Buechler wrote:
>> On Wed, Sep 22, 2010 at 5:33 PM, Chris Flugstad ch...@cascadelink.com wrote:
>>> So I have public IPs, not NAT'd, on this box, 1.2.3, and I have blocked an IP on both WAN and LAN, any protocol, source and destination, and traffic is still passing for this IP. Any help?
>>
>> Traffic will never be sourced from and destined to the same IP.
Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
On Wed, Sep 22, 2010 at 6:28 PM, Chris Flugstad ch...@cascadelink.com wrote:
> ryan, I set up the rules as you stated, both options, and the traffic is still going to and from this IP address :( Not sure what to do from here. Do I need to reboot the router?

No. At worst, resetting states. If it's not blocking it after resetting states, you're still doing something wrong. What do your rules look like now?
Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
wan rules
       proto  source         port  dest           port  gw
block  *      216.127.61.72  *     *              *     *

lan rules
block  *      *              *     216.127.61.72  *     *

Both are at the top, above the default/any rules.
Both are set to block, not reject.

-chris

On 9/22/2010 3:31 PM, Chris Buechler wrote:
> On Wed, Sep 22, 2010 at 6:28 PM, Chris Flugstad ch...@cascadelink.com wrote:
>> ryan, I set up the rules as you stated, both options, and the traffic is still going to and from this IP address :( Not sure what to do from here. Do I need to reboot the router?
>
> No. At worst, resetting states. If it's not blocking it after resetting states, you're still doing something wrong. What do your rules look like now?
Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
On Wed, Sep 22, 2010 at 5:14 PM, Chris Flugstad ch...@cascadelink.com wrote:
> wan rules
>        proto  source         port  dest           port  gw
> block  *      216.127.61.72  *     *              *     *
>
> lan rules
> block  *      *              *     216.127.61.72

Although you weren't explicit, I got the impression that the host you are trying to block is local to you. If so, then you need to reverse your interfaces OR reverse the source/dest IP addresses.

If on the other hand 216.127.61.72 is an internet host that you're trying to detach from your network, then your rules look good.

db
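Added example (not part of the original thread, and not pfSense code): a small Python model of the behaviour discussed above, where each packet is checked against the rules of the interface it enters, top to bottom, and an existing state bypasses the rules. The peer address `198.51.100.10`, the `PASS_ALL` rules standing in for the default/any rules, and the simplified `(src, dst)` state key are assumptions made for illustration.

```python
from ipaddress import ip_address

HOST = "216.127.61.72"    # the LAN-side host from the thread
REMOTE = "198.51.100.10"  # constructed internet peer (documentation range)

def rule(iface, action, src, dst):
    return {"if": iface, "action": action, "src": src, "dst": dst}

def matches(field, addr):
    return field == "any" or ip_address(field) == ip_address(addr)

def evaluate(rules, iface, src, dst):
    """First match wins, top to bottom, on the interface the packet enters."""
    for r in rules:
        if r["if"] == iface and matches(r["src"], src) and matches(r["dst"], dst):
            return r["action"]
    return "block"  # nothing matched: default deny

def passes(rules, packet, states):
    """An existing state passes the packet before any rule is consulted."""
    iface, src, dst = packet
    if (src, dst) in states or (dst, src) in states:
        return True
    if evaluate(rules, iface, src, dst) == "pass":
        states.add((src, dst))  # simplified state key (assumption)
        return True
    return False

# Assumption: stands in for the "default/any" pass rules below the blocks.
PASS_ALL = [rule("wan", "pass", "any", "any"), rule("lan", "pass", "any", "any")]

# The three rule sets tried in the thread, each placed above PASS_ALL.
SAME_IP = [rule("wan", "block", HOST, HOST), rule("lan", "block", HOST, HOST)] + PASS_ALL
REVERSED = [rule("wan", "block", HOST, "any"), rule("lan", "block", "any", HOST)] + PASS_ALL
CORRECT = [rule("wan", "block", "any", HOST), rule("lan", "block", HOST, "any")] + PASS_ALL

OUTBOUND = ("lan", HOST, REMOTE)  # host -> internet, enters on LAN
INBOUND = ("wan", REMOTE, HOST)   # internet -> host, enters on WAN

def verdicts(rules, states=frozenset()):
    """(outbound passes, inbound passes), each starting from the same state table."""
    return tuple(passes(rules, p, set(states)) for p in (OUTBOUND, INBOUND))

if __name__ == "__main__":
    for name, rs in (("same-ip", SAME_IP), ("reversed", REVERSED), ("correct", CORRECT)):
        print(name, verdicts(rs))
    print("correct, stale state", verdicts(CORRECT, {(HOST, REMOTE)}))
```

Only the `CORRECT` set blocks both directions, and only once the pre-existing state is gone, which matches the need to reset states reported in the thread.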
Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
You are correct, the public IP is local on our LAN port. I did try that before, and have gone back to it. I think when I thought I switched them, I just switched one and then switched it back. Didn't look like settings took place till I reset states. I waited for about 3 minutes, and didn't see a difference, so I reset the states and now that IP is not transmitting any outbound traffic but seems to still pull inbound traffic now. Wondering if some ARP poisoning is going on.

I did what I needed to do for the time being though. Much appreciated.

-chris

On 9/22/2010 4:18 PM, David Burgess wrote:
> On Wed, Sep 22, 2010 at 5:14 PM, Chris Flugstad ch...@cascadelink.com wrote:
>> wan rules
>>        proto  source         port  dest           port  gw
>> block  *      216.127.61.72  *     *              *     *
>>
>> lan rules
>> block  *      *              *     216.127.61.72
>
> Although you weren't explicit, I got the impression that the host you are trying to block is local to you. If so, then you need to reverse your interfaces OR reverse the source/dest IP addresses.
>
> If on the other hand 216.127.61.72 is an internet host that you're trying to detach from your network, then your rules look good.
>
> db
Re: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic
On Wed, Sep 22, 2010 at 5:30 PM, Chris Flugstad ch...@cascadelink.com wrote:
> I did what I needed to do for the time being though. Much appreciated.

And that, ladies and gentlemen, is what we call poaching the solution ;)

If this list ran on a points system I would get a flogging now.

db
[pfSense Support] Errors in logs
I rebooted last night and see this, any idea which file line 1 refers to?

Thanks!
jlc

Sep 22 03:17:06 last message repeated 2 times
Sep 22 03:17:06 php: : XML error: not well-formed (invalid token) at line 1
Sep 22 03:17:06 php: : Resyncing configuration for all packages.
Re: [pfSense Support] Errors in logs
On Wed, Sep 22, 2010 at 8:14 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:
> I rebooted last night and see this, any idea which file line 1 refers to?

Cosmetic, not an error.