[pfSense Support] pfSense Blocking some traffic

2009-08-16 Thread Joseph Hardeman

Greetings everyone,

I have noticed some strange behavior. I have set up a bridge and set up 
specific blocking rules for access to systems behind our firewall. I 
also have explicit access rules for port 80:


   pass in quick on $wan reply-to (em0 GATEWAYIP) proto tcp from any to any port = 80 keep state  label USER_RULE: HTTP Port Allow Access


At the bottom of the firewall rules I have this entry to allow 
everything that I am not specifically blocking:


   pass in quick on $wan reply-to (em0 GATEWAYIP) from any to any keep state  label USER_RULE: Allow Everything Else



On my internal interface of the bridge I have the following entry:

   pass in quick on $InternalNetwork from any to any keep state  label USER_RULE


However I am seeing entries captured in my firewall logs where visitors 
are being denied per the Default deny rule at the very bottom of the pf 
rules. 

My question is why are my explicit rules not capturing the entries 
before it gets to the last rule?  And also, how can I disable those two 
rules or can they be disabled?


Thanks

Joe

--
This message has been scanned for viruses by Colocube's AV Scanner


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] pfSense Blocking some traffic

2009-08-16 Thread Jim Pingle
Joseph Hardeman wrote:
> However I am seeing entries captured in my firewall logs where visitors
> are being denied per the Default deny rule at the very bottom of the pf
> rules.
> My question is why are my explicit rules not capturing the entries
> before it gets to the last rule?  And also, how can I disable those two
> rules or can they be disabled?

My guess is that you're really seeing this:

http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection%2C_why%3F

And no traffic is actually being dropped.

Jim




Re: [pfSense Support] pfSense Blocking some traffic

2009-08-16 Thread Joseph Hardeman

Jim Pingle wrote:
> Joseph Hardeman wrote:
>> However I am seeing entries captured in my firewall logs where visitors
>> are being denied per the Default deny rule at the very bottom of the pf
>> rules.
>> My question is why are my explicit rules not capturing the entries
>> before it gets to the last rule?  And also, how can I disable those two
>> rules or can they be disabled?
>
> My guess is that you're really seeing this:
>
> http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection%2C_why%3F
>
> And no traffic is actually being dropped.
>
> Jim

  
Very interesting, but definitely makes sense, especially since I can't 
seem to get a blocked session to my systems.


Thanks Jim for the link.

Joe
