Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread Jim Pingle
On 4/27/2010 6:37 PM, Chris Flugstad wrote:
> I block an ip in the fw rules on lan and wan, and then reset states, but
> traffic is still being passed to and from that ip
> 
> did i miss something?

These problems boil down to one of a few issues:

1. IP has an existing state. Clearing states or rebooting would fix.

2. Rule is below other rules that match the traffic, and is thus
ignored. First match wins.

3. Rule is on the wrong interface. Rules go on the interface where
pfSense first sees the traffic ("in" direction, from the firewall's
POV). Blocking traffic coming from a LAN client? Rule goes on LAN.
Blocking traffic coming from an Internet host? Rule goes on WAN.

4. The rule does not actually match the traffic. Be more general than
specific. Especially make sure the protocol and IP match.

Jim

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org
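
The four causes in the reply above can be told apart mechanically. The following is an added example, not part of the thread and not pfSense code: a simplified Python model in which the state table is consulted first, then the rules on the interface where the packet arrives, first match wins. The `Rule`, `Packet` and `explain` names and all addresses (documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    iface: str                   # interface tab the rule is placed on
    action: str                  # "pass" or "block"
    proto: str                   # "any", "tcp", "udp", ...
    src: str                     # CIDR
    dst: str                     # CIDR
    sport: Optional[int] = None  # None means any port
    dport: Optional[int] = None

@dataclass(frozen=True)
class Packet:
    iface: str                   # interface where the firewall first sees it
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def matches(r: Rule, p: Packet) -> bool:
    return (r.iface == p.iface and r.proto in ("any", p.proto)
            and ip_address(p.src) in ip_network(r.src)
            and ip_address(p.dst) in ip_network(r.dst)
            and r.sport in (None, p.sport) and r.dport in (None, p.dport))

def explain(rules, states, pkt, block):
    """Say why `block` fails to stop `pkt`, using the numbering of the list above."""
    if (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport) in states:
        return "1: existing state"            # states are consulted before rules
    if block.iface != pkt.iface:
        return "3: rule on wrong interface"
    if not matches(block, pkt):
        return "4: rule does not match traffic"
    first = next((r for r in rules if matches(r, pkt)), None)  # first match wins
    return "blocked" if first is block else "2: earlier rule matched first"

# Constructed sample data (documentation address ranges, not from the thread).
BAD = "203.0.113.50/32"
PASS_LAN = Rule("lan", "pass", "any", "192.0.2.0/24", "0.0.0.0/0")
BLOCK_LAN = Rule("lan", "block", "any", "192.0.2.0/24", BAD)
BLOCK_WAN_OUT = Rule("wan", "block", "any", "192.0.2.0/24", BAD)
BLOCK_WAN_SPORT = Rule("wan", "block", "tcp", BAD, "0.0.0.0/0", sport=80)
OUTBOUND = Packet("lan", "tcp", "192.0.2.10", 40000, "203.0.113.50", 443)
INBOUND = Packet("wan", "tcp", "203.0.113.50", 51515, "192.0.2.10", 22)
STATE = {("tcp", "192.0.2.10", 40000, "203.0.113.50", 443)}
```

`BLOCK_WAN_SPORT` reproduces the source-port mistake mentioned elsewhere in this thread: the remote host's source port is ephemeral, so a block rule pinned to source port 80 never matches its inbound packets.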



Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread Danny
On Wed, Apr 28, 2010 at 6:06 PM, David Burgess  wrote:

> On Tue, Apr 27, 2010 at 4:37 PM, Chris Flugstad 
> wrote:
> > I block an ip in the fw rules on lan and wan, and then reset states, but
> > traffic is still being passed to and from that ip
> >
> > did i miss something?
>
> Your rules are probably wrong then. A common mistake is to enter a
> source port for the block rule on the WAN, for example. For best
> results, post a screen shot of your LAN rules.
>
> db


-- 
dpc
You have to think as if you were the firewall. Think that you are seated on
the firewall, and think that the traffic is always incoming (incoming to you).
Look at which interface is receiving the traffic and you will find the solution

Regards


Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread David Burgess
On Tue, Apr 27, 2010 at 4:37 PM, Chris Flugstad  wrote:
> I block an ip in the fw rules on lan and wan, and then reset states, but
> traffic is still being passed to and from that ip
>
> did i miss something?

Your rules are probably wrong then. A common mistake is to enter a
source port for the block rule on the WAN, for example. For best
results, post a screen shot of your LAN rules.

db




Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread mayak-cq
On Wed, 2010-04-28 at 08:39 -0700, Chris Flugstad wrote:
> both rules are at the top of the list.
> 
> On 4/28/2010 5:39 AM, Chris Buechler wrote:
> > On Wed, Apr 28, 2010 at 4:54 AM, Chris Flugstad  
> > wrote:
> >
> >> fw is not disabled. would it matter if i am using public ip's on the LAN
> >> side?
> >>
> >>  
> > No. My guess is your rule order is wrong (first match wins).

Or the IP has a current state ...







Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread Chris Flugstad

both rules are at the top of the list.

On 4/28/2010 5:39 AM, Chris Buechler wrote:

On Wed, Apr 28, 2010 at 4:54 AM, Chris Flugstad  wrote:
   

fw is not disabled. would it matter if i am using public ip's on the LAN
side?

 

No. My guess is your rule order is wrong (first match wins).




Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread Chris Buechler
On Wed, Apr 28, 2010 at 4:54 AM, Chris Flugstad  wrote:
> fw is not disabled. would it matter if i am using public ip's on the LAN
> side?
>

No. My guess is your rule order is wrong (first match wins).




Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread Danny
Look below. I top posted by mistake. Sorry

On Wed, Apr 28, 2010 at 10:54 AM, Chris Flugstad wrote:

>  fw is not disabled. would it matter if i am using public ip's on the LAN
> side?
>
>
> On 4/28/2010 1:45 AM, Danny wrote:
>
> Is the firewall disabled? Check tick in System Advanced.
>
> The destination ip address is on the same interface as the traffic comes
> from?
>
> Regards
>
> On Wed, Apr 28, 2010 at 10:41 AM, Chris Flugstad wrote:
>
>> no not using squid at all
>>
>> i just created a rule on the lan, didnt work. then created a rule on the
>> wan as well, still nothing.  reset states.  still nothing.  packets are
>> still being passed to that ip address.
>>
>> any thoughts?
>>
>> -chris
>>
>>
>> On 4/27/2010 3:40 PM, David Burgess wrote:
>>
>>> Are you using squid as transparent? If so you have to override the GUI
>>> anti-lockout rule. Be sure to make alternate arrangements to get into
>>> the GUI, or you'll lock yourself out.
>>>
>>> db
>>>
>>> On 4/27/10, Chris Flugstad  wrote:
>>>
>>>
>>>> I block an ip in the fw rules on lan and wan, and then reset states, but
>>>> traffic is still being passed to and from that ip
>>>>
>>>> did i miss something?
>>>>
>>>> -chris

>>>
>>>
>>
>
>
> --
> dpc
>
>
Can you send an example of the addressing you are using on both LAN and WAN, a
diagram, and screenshots of those you consider relevant?

Source IP and destination of the traffic?

Regards

-- 
dpc


Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread Chris Flugstad
fw is not disabled. would it matter if i am using public ip's on the LAN
side?


On 4/28/2010 1:45 AM, Danny wrote:

Is the firewall disabled? Check tick in System Advanced.

The destination ip address is on the same interface as the traffic
comes from?


Regards

On Wed, Apr 28, 2010 at 10:41 AM, Chris Flugstad wrote:


no not using squid at all

i just created a rule on the lan, didnt work. then created a rule
on the wan as well, still nothing.  reset states.  still nothing.
 packets are still being passed to that ip address.

any thoughts?

-chris


On 4/27/2010 3:40 PM, David Burgess wrote:

Are you using squid as transparent? If so you have to override the GUI
anti-lockout rule. Be sure to make alternate arrangements to get into
the GUI, or you'll lock yourself out.

db

On 4/27/10, Chris Flugstad wrote:

I block an ip in the fw rules on lan and wan, and then
reset states, but
traffic is still being passed to and from that ip

did i miss something?

-chris






--
dpc


Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread Danny
Is the firewall disabled? Check tick in System Advanced.

The destination ip address is on the same interface as the traffic comes
from?

Regards

On Wed, Apr 28, 2010 at 10:41 AM, Chris Flugstad wrote:

> no not using squid at all
>
> i just created a rule on the lan, didnt work. then created a rule on the
> wan as well, still nothing.  reset states.  still nothing.  packets are
> still being passed to that ip address.
>
> any thoughts?
>
> -chris
>
>
> On 4/27/2010 3:40 PM, David Burgess wrote:
>
>> Are you using squid as transparent? If so you have to override the GUI
>> anti-lockout rule. Be sure to make alternate arrangements to get into
>> the GUI, or you'll lock yourself out.
>>
>> db
>>
>> On 4/27/10, Chris Flugstad  wrote:
>>
>>
>>> I block an ip in the fw rules on lan and wan, and then reset states, but
>>> traffic is still being passed to and from that ip
>>>
>>> did i miss something?
>>>
>>> -chris
>>>
>>
>>
>


-- 
dpc


Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-28 Thread Chris Flugstad

no not using squid at all

i just created a rule on the lan, didnt work. then created a rule on the 
wan as well, still nothing.  reset states.  still nothing.  packets are 
still being passed to that ip address.


any thoughts?

-chris

On 4/27/2010 3:40 PM, David Burgess wrote:

Are you using squid as transparent? If so you have to override the GUI
anti-lockout rule. Be sure to make alternate arrangements to get into
the GUI, or you'll lock yourself out.

db

On 4/27/10, Chris Flugstad  wrote:
   

I block an ip in the fw rules on lan and wan, and then reset states, but
traffic is still being passed to and from that ip

did i miss something?

-chris




Re: [pfSense Support] Firewall not blocking ip after adding it to rules

2010-04-27 Thread David Burgess
Are you using squid as transparent? If so you have to override the GUI
anti-lockout rule. Be sure to make alternate arrangements to get into
the GUI, or you'll lock yourself out.

db

On 4/27/10, Chris Flugstad  wrote:
> I block an ip in the fw rules on lan and wan, and then reset states, but
> traffic is still being passed to and from that ip
>
> did i miss something?
>
> -chris
>

-- 
Sent from my mobile device
