So I have public IPs, not NAT'd, on this box (1.2.3), and I have
blocked an IP on both WAN and LAN, any protocol, source and
destination, and traffic is still passing for this IP.
Any help?
<?xml version="1.0"?>
<pfsense>
<version>3.0</version>
<lastchange/>
<theme>nervecenter</theme>
<system>
  <optimization>normal</optimization>
  <hostname>velo</hostname>
  <domain>cascadelink.net</domain>
  <username>admin</username>
  <!-- The "$1$" prefix marks an MD5-crypt password hash. Once a hash like this
       is published it can be tested against guesses offline, so remove this
       element before sharing a configuration and change the admin password
       if the hash has already been posted. -->
  <password>$1$0kI0v5aq$3MgU0scFP/99M4LLDKtFd.</password>
  <timezone>America/Los_Angeles</timezone>
  <time-update-interval/>
  <timeservers>0.pfsense.pool.ntp.org</timeservers>
  <!-- The GUI is served over HTTPS; certificate and private-key are empty,
       so presumably the built-in certificate is in use (confirm). -->
  <webgui>
    <protocol>https</protocol>
    <certificate/>
    <private-key/>
    <port/>
  </webgui>
  <disablenatreflection>yes</disablenatreflection>
  <!-- No authorized keys are configured while sshd is enabled below, so SSH
       logins presumably rely on the admin password (confirm). The WAN rule
       set in <filter> passes any source to any destination, which appears to
       leave this service reachable from the Internet. -->
  <ssh>
    <authorizedkeys/>
    <port/>
  </ssh>
  <enablesshd>yes</enablesshd>
  <maximumstates/>
  <shapertype/>
  <dnsserver>207.246.154.2</dnsserver>
  <dnsserver>207.246.154.3</dnsserver>
  <dnsallowoverride/>
</system>
<interfaces>
  <!-- LAN carries routed public addresses: 216.127.48.65/27 covers
       216.127.48.64 through 216.127.48.95, which includes the host
       216.127.48.72 named in the filter rules. -->
  <lan>
    <if>rl0</if>
    <ipaddr>216.127.48.65</ipaddr>
    <subnet>27</subnet>
    <media/>
    <mediaopt/>
    <bandwidth>100</bandwidth>
    <bandwidthtype>Mb</bandwidthtype>
    <bridge/>
  </lan>
  <!-- WAN is 216.127.61.160/26 (216.127.61.128 through 216.127.61.191) with
       its gateway at 216.127.61.129. blockpriv and blockbogons are present as
       empty elements; presumably that means both options are switched on
       (confirm in the interface settings). -->
  <wan>
    <if>xl0</if>
    <mtu/>
    <blockpriv/>
    <blockbogons/>
    <media/>
    <mediaopt/>
    <bandwidth>100</bandwidth>
    <bandwidthtype>Mb</bandwidthtype>
    <disableftpproxy/>
    <ipaddr>216.127.61.160</ipaddr>
    <subnet>26</subnet>
    <gateway>216.127.61.129</gateway>
    <spoofmac/>
  </wan>
</interfaces>
<staticroutes/>
<pppoe>
<username/>
<password/>
<provider/>
</pppoe>
<pptp>
<username/>
<password/>
<local/>
<subnet/>
<remote/>
</pptp>
<bigpond>
<username/>
<password/>
<authserver/>
<authdomain/>
<minheartbeatinterval/>
</bigpond>
<dyndns>
<type>dyndns</type>
<username/>
<password/>
<host/>
<mx/>
</dyndns>
<dhcpd>
  <lan>
    <enable/>
    <!-- The pool 216.127.48.66 through 216.127.48.94 contains 216.127.48.72,
         the address the filter rules try to block. If that host takes its
         address from this pool, the address can change with a new lease and
         a rule keyed on the IP alone would stop matching; a fixed assignment
         keeps the rule meaningful. -->
    <range>
      <from>216.127.48.66</from>
      <to>216.127.48.94</to>
    </range>
    <defaultleasetime/>
    <maxleasetime/>
    <netmask/>
    <failover_peerip/>
    <gateway/>
    <ddnsdomain/>
    <next-server/>
    <filename/>
  </lan>
</dhcpd>
<pptpd>
<mode/>
<redir/>
<localip/>
<remoteip/>
</pptpd>
<ovpn/>
<dnsmasq>
<enable/>
</dnsmasq>
<snmpd>
  <syslocation/>
  <syscontact/>
  <!-- "public" is the well-known default read-only community string. No
       enable element appears in this section, so the agent is presumably off
       (confirm); set a non-default community before turning it on, since the
       WAN rule set passes any source to any destination. -->
  <rocommunity>public</rocommunity>
</snmpd>
<diag>
<ipv6nat/>
</diag>
<bridge/>
<syslog/>
<nat>
  <ipsecpassthru/>
  <!-- Advanced outbound NAT is enabled and no mapping is listed under it,
       which presumably means nothing is translated (confirm). That matches
       the routed, non-NAT setup described in the post: LAN hosts appear on
       WAN with their own public addresses, so the filter rules are the only
       control between those hosts and the Internet. -->
  <advancedoutbound>
    <enable/>
  </advancedoutbound>
</nat>
<filter>
  <!-- Rules are checked per interface, top down, for traffic ENTERING that
       interface, and the first match decides. -->

  <!-- WAN block rule. Source and destination are BOTH 216.127.48.72, so it
       only matches a packet sent from that host to itself. Forwarded traffic
       never looks like that, so this rule never fires and the pass rule below
       handles everything. To stop traffic reaching the host from the
       Internet, the WAN rule needs source "any" and destination
       216.127.48.72. No protocol element is present, so any protocol is
       covered, as the post says. -->
  <rule>
    <type>block</type>
    <interface>wan</interface>
    <max-src-nodes/>
    <max-src-states/>
    <statetimeout/>
    <statetype>keep state</statetype>
    <os></os>
    <source>
      <address>216.127.48.72</address>
    </source>
    <destination>
      <address>216.127.48.72</address>
    </destination>
    <descr/>
  </rule>

  <!-- WAN pass rule, any source to any destination. It admits every packet
       arriving on WAN, both to the routed LAN hosts and to the firewall's own
       services. With public addresses on LAN this leaves the whole LAN
       unfiltered from the Internet; narrow it to the services that have to
       be reachable. -->
  <rule>
    <type>pass</type>
    <interface>wan</interface>
    <max-src-nodes/>
    <max-src-states/>
    <statetimeout/>
    <statetype>keep state</statetype>
    <os/>
    <source>
      <any/>
    </source>
    <destination>
      <any/>
    </destination>
    <descr/>
  </rule>

  <!-- LAN block rule with the same source-equals-destination mistake. Traffic
       from the host enters on LAN with source 216.127.48.72 and some other
       destination, so this rule is skipped and "Default LAN -> any" passes
       it. The LAN rule needs source 216.127.48.72 and destination "any".
       State entries created before a rule change keep passing traffic until
       they expire or are cleared, so clear the states for this host after
       correcting the rules. -->
  <rule>
    <type>block</type>
    <interface>lan</interface>
    <max-src-nodes/>
    <max-src-states/>
    <statetimeout/>
    <statetype>keep state</statetype>
    <os/>
    <source>
      <address>216.127.48.72</address>
    </source>
    <destination>
      <address>216.127.48.72</address>
    </destination>
    <descr/>
  </rule>

  <!-- Default LAN rule: anything sourced from the LAN network may go
       anywhere. Block rules for individual LAN hosts must stay above it. -->
  <rule>
    <type>pass</type>
    <descr>Default LAN -> any</descr>
    <interface>lan</interface>
    <source>
      <network>lan</network>
    </source>
    <destination>
      <any/>
    </destination>
  </rule>
</filter>
<shaper>
<schedulertype>hfsc</schedulertype>
<queue>
<name>qwanRoot</name>
<associatedrule>0</associatedrule>
<priority>0</priority>
<parentqueue>on</parentqueue>
<bandwidth>30000</bandwidth>
<bandwidthtype>Kb</bandwidthtype>
</queue>
<queue>
<name>qlanRoot</name>
<associatedrule>0</associatedrule>
<priority>0</priority>
<parentqueue>on</parentqueue>
<bandwidth>30000</bandwidth>
<bandwidthtype>Kb</bandwidthtype>
</queue>
<queue>
<name>qwandef</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<defaultqueue>true</defaultqueue>
<priority>1</priority>
<realtime>on</realtime>
<realtime3>1%</realtime3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<queue>
<name>qlandef</name>
<priority>1</priority>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<defaultqueue>true</defaultqueue>
<realtime>on</realtime>
<realtime3>1%</realtime3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<queue>
<name>qwanacks</name>
<ack/>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>10%</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qlanacks</name>
<ack/>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>10%</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qVOIPUp</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>1024Kb</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qVOIPDown</name>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>1024Kb</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qVOIPUp</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>1024Kb</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qVOIPDown</name>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>7</priority>
<realtime>on</realtime>
<realtime3>1024Kb</realtime3>
<bandwidth>25</bandwidth>
<bandwidthtype>%</bandwidthtype>
</queue>
<queue>
<name>qP2PUp</name>
<attachtoqueue>qwanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>1</priority>
<red>on</red>
<ecn>on</ecn>
<realtime>on</realtime>
<realtime3>1Kb</realtime3>
<upperlimit>on</upperlimit>
<upperlimit3>4Kb</upperlimit3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<queue>
<name>qP2PDown</name>
<attachtoqueue>qlanRoot</attachtoqueue>
<associatedrule>0</associatedrule>
<priority>1</priority>
<red>on</red>
<ecn>on</ecn>
<realtime>on</realtime>
<realtime3>1Kb</realtime3>
<upperlimit>on</upperlimit>
<upperlimit3>100Kb</upperlimit3>
<bandwidth>1</bandwidth>
<bandwidthtype>%</bandwidthtype>
<qlimit>500</qlimit>
</queue>
<rule>
<inqueue>qVOIPUp</inqueue>
<outqueue>qVOIPDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>5060-5069</port>
</destination>
<descr>m_voip Asterisk inbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPDown</inqueue>
<outqueue>qVOIPUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>10000-20000</port>
</destination>
<descr>m_voip Asterisk outbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPUp</inqueue>
<outqueue>qVOIPDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>10000-20000</port>
</destination>
<descr>m_voip Asterisk inbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPDown</inqueue>
<outqueue>qVOIPUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>5060-5069</port>
</destination>
<descr>m_voip Asterisk outbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPUp</inqueue>
<outqueue>qVOIPDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>10000-20000</port>
</destination>
<descr>m_voip Asterisk inbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPUp</inqueue>
<outqueue>qVOIPDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
<port>5060-5069</port>
</destination>
<descr>m_voip Asterisk inbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPDown</inqueue>
<outqueue>qVOIPUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>10000-20000</port>
</destination>
<descr>m_voip Asterisk outbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qVOIPDown</inqueue>
<outqueue>qVOIPUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
<port>5060-5069</port>
</destination>
<descr>m_voip Asterisk outbound</descr>
<protocol>udp</protocol>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<descr>p2pCatchAll outbound</descr>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
</destination>
<descr>p2pCatchAll inbound</descr>
</rule>
<rule>
<inqueue>qP2PDown</inqueue>
<outqueue>qP2PUp</outqueue>
<in-interface>lan</in-interface>
<out-interface>wan</out-interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<descr>p2pCatchAll outbound</descr>
</rule>
<rule>
<inqueue>qP2PUp</inqueue>
<outqueue>qP2PDown</outqueue>
<in-interface>wan</in-interface>
<out-interface>lan</out-interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
</destination>
<descr>p2pCatchAll inbound</descr>
</rule>
<enable/>
</shaper>
<ipsec>
<preferredoldsa/>
</ipsec>
<aliases>
  <!-- Host alias for 216.127.48.72. The rules in <filter> use the literal
       address rather than this alias, so editing the alias does not change
       what those rules match. -->
  <alias>
    <name>mischief</name>
    <address>216.127.48.72</address>
    <descr/>
    <type>host</type>
    <detail>Entry added Wed, 22 Sep 2010 14:02:19 -0700||</detail>
  </alias>
</aliases>
<proxyarp/>
<cron>
<item>
<minute>0</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 newsyslog</command>
</item>
<item>
<minute>1,31</minute>
<hour>0-5</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 adjkerntz -a</command>
</item>
<item>
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
</item>
<item>
<minute>1</minute>
<hour>1</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c</command>
</item>
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/bin/checkreload.sh</command>
</item>
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/etc/ping_hosts.sh</command>
</item>
<item>
<minute>*/140</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/sbin/reset_slbd.sh</command>
</item>
</cron>
<wol/>
<installedpackages>
<package>
<name>rate</name>
<descr>This package adds a table of realtime bandwidth usage by IP address to Status -> Traffic Graphs</descr>
<category>Network Management</category>
<version>0.9</version>
<status>BETA</status>
<maintainer>j...@pfsense.org</maintainer>
<required_version>1.2.2</required_version>
<depends_on_package_base_url>http://files.pfsense.com/packages/7/All/</depends_on_package_base_url>
<depends_on_package>rate-0.9.tbz</depends_on_package>
<config_file>http://www.pfsense.org/packages/config/rate/rate.xml</config_file>
<configurationfile>rate.xml</configurationfile>
</package>
</installedpackages>
<revision>
<description>/firewall_rules_edit.php made unknown change</description>
<time>1285191057</time>
</revision>
<rrd>
<enable/>
</rrd>
<ezshaper>
<step2>
<inside_int>lan</inside_int>
<download>30000</download>
<outside_int>wan</outside_int>
<upload>30000</upload>
</step2>
<step3>
<enable>on</enable>
<provider>Asterisk</provider>
<address/>
<bandwidth>1024</bandwidth>
</step3>
<step5>
<enable>on</enable>
<p2pcatchall>on</p2pcatchall>
<bandwidthup>4</bandwidthup>
<bandwidthdown>100</bandwidthdown>
</step5>
<step7>
<msrdp/>
<vnc/>
<appleremotedesktop/>
<pcanywhere/>
<irc/>
<jabber/>
<icq/>
<aolinstantmessenger/>
<msnmessenger/>
<teamspeak/>
<pptp/>
<ipsec/>
<streamingmp3/>
<rtsp/>
<http/>
<smtp/>
<pop3/>
<imap/>
<lotusnotes/>
<dns/>
<icmp/>
<smb/>
<snmp/>
<mysqlserver/>
<nntp/>
<cvsup/>
</step7>
</ezshaper>
</pfsense>