  • cannot block cross traffic on sg-2100

    0 Votes, 3 Posts, 40 Views

    @detox said in cannot block cross traffic on sg-2100:

    I need to restrict traffic from VLAN1 & 2 to WAN only. Any suggestions?

    See:
    https://docs.netgate.com/pfsense/en/latest/solutions/netgate-2100/opt-lan.html#isolated
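
    One way to express that "VLAN to WAN only" policy as a pf ruleset, added here as an example and not taken from the thread or the linked Netgate document; the interface names, VLAN networks and the firewall's own addresses are assumptions:

    ```pf
    # Added example: pf.conf fragment isolating two VLANs so that they can
    # reach only the Internet. Interface names, networks and addresses are
    # assumptions, not values from the thread.
    vlan1     = "igc1.10"
    vlan2     = "igc1.20"
    vlan1_net = "192.168.10.0/24"
    vlan2_net = "192.168.20.0/24"
    fw_vlan1  = "192.168.10.1"   # pfSense's own address on each VLAN
    fw_vlan2  = "192.168.20.1"

    # All private address space: the set the VLANs must NOT be able to reach
    # (the LAN, each other, and the firewall's other interfaces).
    table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

    # Let clients resolve DNS against the firewall itself. This must sit
    # above the private-space block; drop it if clients use an external resolver.
    pass in quick on $vlan1 proto { tcp udp } from $vlan1_net to $fw_vlan1 port 53 keep state
    pass in quick on $vlan2 proto { tcp udp } from $vlan2_net to $fw_vlan2 port 53 keep state

    # Block anything destined for private space. "quick" makes this the
    # final decision for matching packets, so the pass-to-any below never applies.
    block in quick log on $vlan1 from $vlan1_net to <rfc1918>
    block in quick log on $vlan2 from $vlan2_net to <rfc1918>

    # Everything else, i.e. public addresses reached via WAN, is allowed.
    pass in quick on $vlan1 from $vlan1_net to any keep state
    pass in quick on $vlan2 from $vlan2_net to any keep state
    ```

    In the pfSense GUI the same thing is an alias holding the three RFC 1918 networks, a block rule to that alias placed above the "pass to any" rule on each VLAN's interface tab, and a pass rule to "This Firewall" on port 53 above the block if the VLAN uses pfSense for DNS. Rule order matters because interface rules are first-match; a pass-to-any rule above the block silently defeats the isolation.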

  • Firewall rules

    0 Votes, 4 Posts, 48 Views

    @John_McNoob said in Firewall rules:

    With firewall rules

    I'd expect that it at least resolves the host name, but it presumably can't.

    Maybe it uses another local DNS server, which it is then not permitted to access.
    Try dig to verify.

    dig google.com
  • 0 Votes, 25 Posts, 409 Views

    @johnpoz
    Thank you for validating my thoughts and setup
    By the way, the best thing I did was moving inter-VLAN routing to pfSense and keeping the fast 10 Gb servers on the same VLAN on the switch. So it's simpler to maintain, and I stopped using the asymmetric, insecure routing for internet.

  • Port forwarding in 2.8

    0 Votes, 5 Posts, 82 Views

    @Gertjan

    I don't have the energy to verify why it's rejecting the gateway. Perhaps something has updated in the NAS (OMV) in the meantime. The important thing is that it works, thx :)

  • Redirect DNS queries to PiHole in Docker

    0 Votes, 3 Posts, 81 Views

    @AndyRH :

    Many thanks to you. I've implemented your rules and they seem to work exactly as intended.
    Most surprisingly for me, they do this without dedicated firewall rules.
    Thumbs up!

    Best regards

    JD.

  • Blocking IoT (Meross) Garage Door opener to internet

    0 Votes, 1 Post, 31 Views
    No one has replied
  • Blocking URL's in Pfsense firewall for specifi range of IP

    Moved
    0 Votes, 17 Posts, 914 Views
    stephenw10

    Well like I said I've tried to do that so.... I'm not sure. 😉

    Does it work? I'd expect to see a load of errors when it creates the test config if there's a problem.

  • Alias error

    0 Votes, 26 Posts, 1k Views

    @Gertjan said in Alias error:

    This looks like an IP "range":

    That's how multiple IPs are listed in the xml file. (I had to look)

    Putting on my "programmer hat", I would guess there is some other alias or entry in the config file that is invalid and causing problems. Non-standard characters, maybe. Maybe drag/drop the file into a browser window or XML parser, since at least Firefox will read/display the XML.

  • IGMP ...need understanding...?

    0 Votes, 4 Posts, 81 Views

    @SteveITS Thank you for the info! I think I have a better grasp now on what my issue was. Since I disabled IGMP Snooping in the UniFi controller for my IoT net and associated VLANs, I have not had any more notices in the firewall log (I still have the pass rules with logging on, but nothing is showing in the firewall log, so I assume there is no more IGMP traffic). Cheers

  • 0 Votes, 1 Post, 31 Views
    No one has replied
  • 0 Votes, 5 Posts, 84 Views
    JKnott

    @JonathanLee said in To Default Reject Or Block That is the Question.:

    I wanted to share this with you in case you ever asked the question what the difference is between block or reject...

    A block just drops the packet, without any other response. A reject sends an ICMP message back advising why. You want to use block on the WAN, so that the attacker has no confirmation there's something there. Use reject on the LAN, so that an issue can be identified.
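
    The same distinction written as pf rules, added here as an example that is not from the thread; interface names and networks are assumptions. One caveat to the post above: pf's "return" answers a TCP packet with a TCP RST and uses an ICMP unreachable only for UDP and other protocols, and "block" with no action argument follows the global "set block-policy" (drop by default).

    ```pf
    # Added example: drop on WAN, reject on LAN. Interface names and
    # networks are assumptions. All rules use "quick" so that the first
    # matching rule decides, as the pfSense GUI does.
    wan      = "igc0"
    lan      = "igc1"
    lan_net  = "192.168.1.0/24"
    mgmt_net = "10.0.99.0/24"   # something the LAN is not allowed to reach

    # WAN: silently drop. The sender only sees a timeout and cannot tell a
    # filtered port from a host that is not there. Replies to connections the
    # firewall initiated are matched by existing states before any rule.
    block drop in quick log on $wan all

    # LAN: reject so internal clients fail immediately and the reason shows
    # up in the log. "return" sends TCP RST for TCP, ICMP port-unreachable
    # for UDP, and nothing for other protocols.
    block return in quick log on $lan from $lan_net to $mgmt_net

    # The explicit forms pin the response type per protocol if wanted:
    #   block return-rst           in quick on $lan proto tcp from $lan_net to $mgmt_net
    #   block return-icmp(port-unr) in quick on $lan proto udp from $lan_net to $mgmt_net

    # Everything else from the LAN is allowed.
    pass in quick on $lan from $lan_net to any keep state
    ```

    A quick way to see the difference from a LAN host: a TCP connect to a rejected destination fails at once with "connection refused", while the same connect to a dropped destination hangs until the client's SYN retransmissions give up.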

  • PfSense keeps Port 21 open??

    0 Votes, 20 Posts, 4k Views
    JonathanLee

    Screenshot 2025-07-07 at 18.35.31.png

    You know what it was I had it set to reject and not block HAHA I can't believe I didn't see that before, that is a Homer Simpson moment.

    Screenshot 2025-07-07 at 18.38.12.png

  • 0 Votes, 2 Posts, 46 Views

    This issue has since resolved itself though the root cause is unknown and there have been numerous changes made to the firewall between when it was last observed to not work vs. now when it is working.

  • 0 Votes, 21 Posts, 562 Views
    johnpoz

    @rasputinthegreatest normally hosting stuff on big CDN networks is not cheap, and I would assume they do some vetting of what is being hosted/served. Not saying stuff can not be compromised, but it seems unlikely some malware people would choose to host their crap there, to be honest. While that CDN is not a global player to the likes of AWS/Azure or Cloudflare, etc., they are not a ma-and-pa VPS hoster ;)

    Glad you got it figured out - and this thread might be very helpful for the next guy.

  • Cisco VTP and PFSense ACL

    0 Votes, 1 Post, 44 Views
    No one has replied
  • Inter VLAN Access

    0 Votes, 6 Posts, 231 Views

    @Gertjan

    I figured it out. It was my old IPSEC tunnel. It was capturing the traffic, so the rules never really impacted the traffic. Once I removed the IPSEC tunnel, the rules started working, as mentioned.

  • Direction in firewall states: CLOSED:SYN_SENT

    0 Votes, 1 Post, 75 Views
    No one has replied
  • 0 Votes, 7 Posts, 241 Views

    @viragomann Yes, actually, I made allow any-to-any rules for all interfaces, including the bridge interfaces, for testing. I wanted to see traffic going in the right direction and compare it with what I expected.
    However, after I provided an IP address to the bridge, I'm getting less information from the firewall.

    From the firewall states (PC-B to PC-A):
    [Any 10.10.40.4 -> 10.10.30.3 SYN_SENT:ESTABLISH]
    BRG2 10.10.40.4 -> 10.10.30.3 SYN_SENT:ESTABLISH
    BRG1 10.10.40.4 -> 10.10.30.3 SYN_SENT:ESTABLISH

    However, I found two solutions: creating the rules in the floating tab with quick enabled, or making BRG1 and BRG2 one interface group and creating the rule there.

    I have no idea why those are the solutions, but it seems like there's something related to rule priority.

    Thank you for taking care of my issue.

  • pfsense seems to be blocking out access to a banking site

    0 Votes, 8 Posts, 212 Views

    @johnpoz

    Many thanks for the help, advise and comments noted.

    Thanks again.

    CC

  • Configuration while on running pfSense

    0 Votes, 2 Posts, 104 Views

    @chris-doldolia Hello! You can safely make configuration changes on a running pfSense firewall, it's designed for that. Most settings apply immediately without needing a reboot, though some services (like IPsec, OpenVPN, or interface changes) may briefly interrupt traffic when restarted. Just make sure you have console or alternate access in case something goes wrong.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.