On Fri, Oct 2, 2009 at 3:43 PM, Borowicz, Paul
<pborow...@behaviorcorp.org> wrote:
> I am 1.2.3-RC3
> built on Mon Sep 14 02:04:35 UTC 2009
>
> I have a DMZ, WAN, and LAN on this box.  I have been getting bleed through
> from the DMZ to the LAN and vice versa.
>
> I have a WAN rule, all stars except destination is DMZ net
>
> I have two DMZ rules, they are both applied to source DMZ net, one blocks an
> alias I have defined called internal_subnets and one allows anything except
> things destined for internal_subnets.
>
> I also had a rule on the lan that blocks anything destined for 10.1.1.0/24
> (my dmz subnet), it did not work until I changed it to block DMZ net.
>
> Is this a bug where the subnets are not being recognized in the firewall
> interface?
>

No, something is not right with your rules, or how you're testing them.
For example, a constant ping won't get dropped when you add a block
rule since it has an existing state. Once you stop it, wait a few
seconds, and start it again, it will get blocked. Or kill the state
manually under Diagnostics -> States.


> A curious thing is that I can now not ping 10.1.1.4 from a computer plugged
> into the LAN, but I can ping it from the diagnostics ping interface if I
> source the ping from the LAN interface.
>

Rules don't apply to traffic initiated from the firewall.

Since you're a support customer, please open a new ticket attaching a
copy of your configuration and we'll check it out.
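Added example, not from the thread or from pfSense itself: a toy stateful filter that models the two behaviours the reply describes (an existing state passes traffic until it is killed or expires, and firewall-originated traffic is not checked against interface rules). The LAN subnet and firewall address are constructed; the DMZ subnet 10.1.1.0/24 is the one from the thread.

```python
from ipaddress import ip_address, ip_network


class Rule:
    def __init__(self, action, src, dst):
        self.action = action              # "pass" or "block"
        self.src = ip_network(src)
        self.dst = ip_network(dst)

    def matches(self, src, dst):
        return ip_address(src) in self.src and ip_address(dst) in self.dst


class StatefulFilter:
    """Toy model: the state table is consulted before the rule list."""
    def __init__(self, rules, firewall_addrs=()):
        self.rules = list(rules)
        self.states = set()               # (src, dst) flows already passed
        self.firewall_addrs = set(firewall_addrs)

    def insert_rule(self, index, rule):
        self.rules.insert(index, rule)    # adding a rule does not touch existing states

    def kill_states(self, host):
        # what Diagnostics -> States does for one host
        self.states = {s for s in self.states if host not in s}

    def decide(self, src, dst):
        if src in self.firewall_addrs:    # traffic the firewall itself originates
            return "pass (firewall-originated, rules not consulted)"
        if (src, dst) in self.states:
            return "pass (state)"
        for rule in self.rules:           # first-match, top to bottom
            if rule.matches(src, dst):
                if rule.action == "pass":
                    self.states.add((src, dst))
                return rule.action
        return "block"                    # implicit default deny


def demo():
    # Constructed: LAN 192.168.1.0/24 with the firewall at .1; DMZ 10.1.1.0/24 as in the thread
    fw = StatefulFilter([Rule("pass", "192.168.1.0/24", "0.0.0.0/0")], firewall_addrs={"192.168.1.1"})
    lan_host, dmz_host = "192.168.1.10", "10.1.1.4"
    started = fw.decide(lan_host, dmz_host)         # ping starts, a state is created
    fw.insert_rule(0, Rule("block", "192.168.1.0/24", "10.1.1.0/24"))
    still_running = fw.decide(lan_host, dmz_host)   # the new block rule appears to be ignored
    fw.kill_states(dmz_host)                        # or stop the ping and let the state expire
    restarted = fw.decide(lan_host, dmz_host)       # now the block rule matches
    from_firewall = fw.decide("192.168.1.1", dmz_host)
    return started, still_running, restarted, from_firewall
```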

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org