Firewalling

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you may not be able to execute some actions.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

Firewalling

Allow Hostnames in CP
• mohkhalifa

4

0
Votes

4
Posts

57
Views

also we are receiving all our emails from office.com or microsoft.com as using Office365 service
K

rtmp streaming is blocked
• kirshman

1

0
Votes

1
Posts

25
Views

No one has replied
A

Multiple Alias Names in Destination Rules
• archedraft

5

0
Votes

5
Posts

1430
Views

hosts
S

Communication between mobile on Wan and printer on LAN
• Simone283

3

0
Votes

3
Posts

24
Views

S

Just as I thought...
N

Performance better with aliases or pfBlockerNG for filtering inbound IPs
• noplan

4

0
Votes

4
Posts

36
Views

You can also just maintain your own aliases based on list.. Example I have this one. Comes down really to where you getting the list and what is easier ;) But sure not running pfblocker if you don't need/want it would be less resources used.
S

Harden security for outbound ports
• simon_lefisch

8

0
Votes

8
Posts

204
Views

N

@Gertjan said in Harden security for outbound ports: you'll be spending most of your time looking at ... the logs. And keep on eye on used system resources like RAM and CPU usage this is a true statement ! to keep in mind RAM is the issue when you start to play around with pfB
S

Firewall rule for WireGuard & Ras Pi
• S762

3

0
Votes

3
Posts

33
Views

S

Thanks Rico, I’d like to get it working on the Ras Pi because I don’t want to torpedo my pfsense install for something I’ve done incorrectly plus I’m sort of half way there with the Pi even though it’s not there yet. That said I do have a test pc with pfsense and a 4 port intel nic so I probably try to that unofficial WG install on it, that way if I do something wrong I don’t lose everything.
P

Question about rules between VLANs
• pacmac

1

0
Votes

1
Posts

25
Views

No one has replied
T

Force youtube to go via vpn
• trumee

1

0
Votes

1
Posts

27
Views

No one has replied
S

Require to access internal webserver with virtual IP
• santosh

1

0
Votes

1
Posts

21
Views

No one has replied
T

Floating Rules Question
• tman222

1

0
Votes

1
Posts

21
Views

No one has replied
K

Routing outgoing trafic
• kzurad

3

0
Votes

3
Posts

33
Views

K

Thank you, @viragomann It works.
F

packets lost in WLAN and LAN connection
• Frosch1482

2

0
Votes

2
Posts

30
Views

F

Hi guys, I don´t know why but I´ve overlooked following article from the official documentation: https://docs.netgate.com/pfsense/en/latest/hardware/troubleshooting-lost-traffic-or-disappearing-packets.html Currently it seems, that checking the checkbox is solved my issue. I´m happy now, but i will continue monitoring the topic Best regards Frosch1482
G

Set Up Firewall Rules on a Backup WAN Interface
• gpeting

9

0
Votes

9
Posts

63
Views

G

@user_three Thanks, I think this Noplan was suggesting. I'll give it a look
M

Delete Firewall rule CLI
• mskubi

1

0
Votes

1
Posts

13
Views

No one has replied
A

Guest LAN can't access internet after VPN change
• aakelley

1

0
Votes

1
Posts

28
Views

No one has replied
U

How to add exception for WAN Block private networks and loopback addresses and...
• user_three

1

0
Votes

1
Posts

33
Views

No one has replied
I

This topic is deleted!
• indoxxi

1

0
Votes

1
Posts

6
Views

No one has replied
O

Optimize pfsense to receive incoming 300 connection
• openaspace

1

0
Votes

1
Posts

34
Views

No one has replied
Filter logs showing traffic that doesn't make sense
• dnx

4

0
Votes

4
Posts

40
Views

II worked it out. I had to add a Floating rule of Pass - src 'this firewall' - dst Internet Host IP - Quick - No Log. That seems to make sense given NAT. I understand things being matched as IN now also, all interface rules are IN. Although I'm still a little confused as to how I can have that floating rule only match if the traffic originated from the one specific LAN port (or if that's even useful) - and it seems it's default to log on the default rule, which means you kinda get double logs if it already matches on interface specific rules.
S

Rule not applied on LAN
• StanthewiZZard

7

0
Votes

7
Posts

25
Views

S

Yes On the openvpn I will On other machine (33), it will be a mess !
M

Firewall state created against loopback when PPPoE down
• MH-NZ

1

0
Votes

1
Posts

35
Views

No one has replied
Z

Nessus scan intermittently blocked
• zorrox

2

0
Votes

2
Posts

37
Views

What are your Nessus discovery settings? When you say only some are able to go through, what are the symptoms you see of this? Do you know for certain that the internet host is online, and not blocking your requests? Have you checked the firewall logs during the time a scan is run? If not, it'd be a good idea. I run a Nessus scan out to an internet host daily and haven't had any problems (except for the passes being logged even though I have rule entries to not log... which is why I'm here)
S

How to see logs for specific firewall rule?
• seanmcb

8

0
Votes

8
Posts

105
Views

Ok, thanks. That should explain the difference. I'm using the latest pfSense RC version 2.4.5.r.20200318.1500 which will probably be (very close to) two dot four dot five. edit : btw : rock solid - for my usage.
N

Firewall blocks traffic coming from Linux NAT
• nvmuc

1

0
Votes

1
Posts

34
Views

No one has replied
P

SG-3100 OPT1 Firewall configuration - basic help appreciated!
• paul_endeavour

4

0
Votes

4
Posts

47
Views

Ok, great. @paul_endeavour said in SG-3100 OPT1 Firewall configuration - basic help appreciated!: under Firewall / NAT / Port Forward Keep in mind that, when you need to access IPv4 devices that are on a LAN, you need to create NAT rules. The pfSense GUI, the SSH and VPN do not need a NAT rule. These 3 services are listening on any interface already, which includes WAN - VPN listens on the interface you choosed. The (hidden) default WAN firewall rule protects them from being accessed from the outside. So, see my image above : a simple firewall will do to let, for example, http traffic into pfSense to port 80 and your GUI is exposed on that interface. A very bad idea of course, but that's another story.
S

Blocking outoging connections: LAN and/or IPSec?
• seanmcb

1

0
Votes

1
Posts

28
Views

No one has replied
B

PFSense blocks VPN Connection to company
• brainzina

20

0
Votes

20
Posts

123
Views

B

That was my understanding too but it did not work. Ironically it work with other DNS servers as the one of my PFSense.
The firewall appears to be blocking outgoing text messages from my phone ...
• gweempose

116

0
Votes

116
Posts

2653
Views

L

Just a quick update, the final resolution for this ended up being to replace the Samsung 9plus with a Pixel 4XL. It has been working reliably for a week using wifi calling. Not every network problem is pfSense's fault. As an additional example of problem network clients, I use home automation software called Homeseer 3. The smartphone app can only access it from inside the network by IPv4 address, not from the WAN by domain and IPv6. But it can be accessed from the WAN by IPv4. It is not a problem with pfSense configuration either. While I have to keep my home automation software and hope they fix it, I can work around it. But the Samsung phone not receiving calls on wifi was impossible to work around. Sometimes you have to be willing to trash a problem client.
C

having troubles with port forward
• comet424

2

0
Votes

2
Posts

21
Views

C

unless the stealth mode and closed is normal for port forward then maybe its server issues with the company I streaming to.. I just figure its my end since I cant get it to OPEN and is there a port tester site that works with pfsense to see if the port 8000 is open and is working well reason I come here as the company figures maybe router isn't really open as I been trouble shooting
N

Please check my rules on OPT port
• NGUSER6947

2

0
Votes

2
Posts

46
Views

Your rules just say opt can not go to anything lan net, everything else would be allowed. What would be in opt that would try and go to something in your lan? dhcp would tell client in opt to use pfsense opt IP for dns.. Your rules shows some minor hits on the rule, 26KB worth..
B

DNS host override / allow only specific DNS lookup
• Ben Ktz

1

0
Votes

1
Posts

20
Views

No one has replied
K

Port forwarding
• kdmiller61

2

0
Votes

2
Posts

31
Views

@kdmiller61 said in Port forwarding: forward ALL ports All you need to forward are the ports the application needs. Do not forget to check also TCP and/or UDP. If that is not clear or unknown, then the real issue is : the 'application'. https://docs.netgate.com/pfsense/en/latest/nat/forwarding-ports-with-pfsense.html tells me that : should work. This is what is called on other routers a "DMZ" rule. edit "1024" could be changed for "1"
S

Need advice on my firewall rule setup
• Ssaven

1

0
Votes

1
Posts

48
Views

No one has replied
I

Network firewall rules not doing what I expect
• incertia

7

0
Votes

7
Posts

275
Views

I

Aha, I figured out why the MGMT net rules were not working. I had edited my config.xml and renamed my opt interfaces. After switching the naming convention back to opt1, opt2, ..., we achieve normal operation.
M

Set up Failover to alternate VPN connection
• markgca

1

0
Votes

1
Posts

30
Views

No one has replied
_

Bug: Problem with schedules that go over to the next day
• _ToXIc_

18

0
Votes

18
Posts

1031
Views

E

I've been searching around for the answer to the one minute outage for rule application between 23:59 and 00:00. In my pfSense 2.4.4 setup, I've disabled the default allow all rule and I'm using allow rules for access (based on other guidance I've seen related to states referred to in this post as well). I have two groups of IPs, restricted and unrestricted. I have the restricted group set for 05:00-23:59, 00:00-01:00. The unrestricted group is set for 00:00-23:59. Everything loses access for the one minute between 23:59 and 00:00. Is the only answer to go back to block rules with some sort of cron to kill states (although I've not seen a definitive answer that this will work either)? That seems a bit overly complicated to achieve something so simple. Sorry if this has been solved somewhere. I just haven't been able to find it.
S

Using Open VPN service on XG-7100, prevent LAN clients connecting
• shapelytraffic

48

0
Votes

48
Posts

117
Views

S

@stephenw10 thanks for an easy answer. :D
K

Rule loading error, no IP address found
• kurppa

8

0
Votes

8
Posts

165
Views

P

@kurppa Awesome!
J

Outbound pass rules on assigned OpenVPN interfaces
• Jimbo123

3

0
Votes

3
Posts

35
Views

J

@viragomann Thanks for the reply. I already have manual outbound NAT rules configured for the interfaces. Everything is working fine but if I apply an outbound pass rule on any of the interfaces traffic goes out but doesn’t come back in. When I have time later I’ll check my firewall logs to make sure traffic is hitting the firewall on return.

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

1 / 186

Allow Hostnames in CP • mohkhalifa

rtmp streaming is blocked • kirshman

Multiple Alias Names in Destination Rules • archedraft

Communication between mobile on Wan and printer on LAN • Simone283

Performance better with aliases or pfBlockerNG for filtering inbound IPs • noplan

Harden security for outbound ports • simon_lefisch

Firewall rule for WireGuard & Ras Pi • S762

Question about rules between VLANs • pacmac

Force youtube to go via vpn • trumee

Require to access internal webserver with virtual IP • santosh

Floating Rules Question • tman222

Routing outgoing trafic • kzurad

packets lost in WLAN and LAN connection • Frosch1482

Set Up Firewall Rules on a Backup WAN Interface • gpeting

Delete Firewall rule CLI • mskubi

Guest LAN can't access internet after VPN change • aakelley

How to add exception for WAN Block private networks and loopback addresses and... • user_three

This topic is deleted! • indoxxi

Optimize pfsense to receive incoming 300 connection • openaspace

Filter logs showing traffic that doesn't make sense • dnx

Rule not applied on LAN • StanthewiZZard

Firewall state created against loopback when PPPoE down • MH-NZ

Nessus scan intermittently blocked • zorrox

How to see logs for specific firewall rule? • seanmcb

Firewall blocks traffic coming from Linux NAT • nvmuc

SG-3100 OPT1 Firewall configuration - basic help appreciated! • paul_endeavour

Blocking outoging connections: LAN and/or IPSec? • seanmcb

PFSense blocks VPN Connection to company • brainzina

The firewall appears to be blocking outgoing text messages from my phone ... • gweempose

having troubles with port forward • comet424

Please check my rules on OPT port • NGUSER6947

DNS host override / allow only specific DNS lookup • Ben Ktz

Port forwarding • kdmiller61

Need advice on my firewall rule setup • Ssaven

Network firewall rules not doing what I expect • incertia

Set up Failover to alternate VPN connection • markgca

Bug: Problem with schedules that go over to the next day • _ToXIc_

Using Open VPN service on XG-7100, prevent LAN clients connecting • shapelytraffic

Rule loading error, no IP address found • kurppa

Outbound pass rules on assigned OpenVPN interfaces • Jimbo123

Products

Services

Support

News

Resources

Company

Our Mission

Subscribe to our Newsletter

Allow Hostnames in CP
• mohkhalifa

rtmp streaming is blocked
• kirshman

Multiple Alias Names in Destination Rules
• archedraft

Communication between mobile on Wan and printer on LAN
• Simone283

Performance better with aliases or pfBlockerNG for filtering inbound IPs
• noplan

Harden security for outbound ports
• simon_lefisch

Firewall rule for WireGuard & Ras Pi
• S762

Question about rules between VLANs
• pacmac

Force youtube to go via vpn
• trumee

Require to access internal webserver with virtual IP
• santosh

Floating Rules Question
• tman222

Routing outgoing trafic
• kzurad

packets lost in WLAN and LAN connection
• Frosch1482

Set Up Firewall Rules on a Backup WAN Interface
• gpeting

Delete Firewall rule CLI
• mskubi

Guest LAN can't access internet after VPN change
• aakelley

How to add exception for WAN Block private networks and loopback addresses and...
• user_three

This topic is deleted!
• indoxxi

Optimize pfsense to receive incoming 300 connection
• openaspace

Filter logs showing traffic that doesn't make sense
• dnx

Rule not applied on LAN
• StanthewiZZard

Firewall state created against loopback when PPPoE down
• MH-NZ

Nessus scan intermittently blocked
• zorrox

How to see logs for specific firewall rule?
• seanmcb

Firewall blocks traffic coming from Linux NAT
• nvmuc

SG-3100 OPT1 Firewall configuration - basic help appreciated!
• paul_endeavour

Blocking outoging connections: LAN and/or IPSec?
• seanmcb

PFSense blocks VPN Connection to company
• brainzina

The firewall appears to be blocking outgoing text messages from my phone ...
• gweempose

having troubles with port forward
• comet424

Please check my rules on OPT port
• NGUSER6947

DNS host override / allow only specific DNS lookup
• Ben Ktz

Port forwarding
• kdmiller61

Need advice on my firewall rule setup
• Ssaven

Network firewall rules not doing what I expect
• incertia

Set up Failover to alternate VPN connection
• markgca

Bug: Problem with schedules that go over to the next day
• _ToXIc_

Using Open VPN service on XG-7100, prevent LAN clients connecting
• shapelytraffic

Rule loading error, no IP address found
• kurppa

Outbound pass rules on assigned OpenVPN interfaces
• Jimbo123