• Foreign source IPs from LAN from mobile device

    0 Votes, 8 Posts, 149 Views
    anallama
    @Gertjan Well, by unsupported in these contexts, I mean: the phone was not designed for market in the Americas, so the frequency bands on the modem are not the best match (I'm always getting 1-2 bars of reception basically), and Jolla, the company that owns Sailfish OS, considers people in the Americas to be "on their own" as I understand it, despite officially supporting/maintaining the software for the Xperia 10 III specifically. So I have the community support in their forum as my only fallback. Something I see in their forum is that problems with MMS are not considered a serious issue for them because it's being phased out in Europe, or it's insecure, or something like that. Anyhow, specifically it is only the uploading and downloading of MMS content that doesn't work. I'll still get the bubble telling me I have an MMS to download when one has been sent to me. Cellular internet, SMS, and voice calling all function normally. - And at least nowadays, MMS content gets counted against my monthly cellular data usage, and will not send or download with cellular data disabled. I'll bring up the network stack idea at the other forum. Is a messed-up stack something that could be fixable?
  • Outbound ping blocked

    0 Votes, 17 Posts, 8k Views
    M
    Following up from: https://redmine.pfsense.org/issues/16821

    Essentially, when the filter is reloaded (i.e. the rules are generated and loaded) there are some checks to determine if it's possible to monitor the gateway accurately. For the "gateway monitoring" block rule to not be added, the following is necessary at the time the filter reloads:

    - The gateway IP must be valid.
    - The monitoring IP must be valid.

    The redmine issue states "dpinger is running with the correct bind address and monitor target". That likely means that the block rule was added because the gateway address was unavailable. I expected the filter to have been reloaded once the DHCP interface was ready; it seems like that didn't happen. With some additional logging perhaps we can better understand what may be happening.

    The following patch can be applied on 26.03. To test, add and apply it with the System Patches package and make sure that logging (Status > System Logs > Settings > Default Log Level) has been set to at least "Notice". Once the issue reoccurs, get all of the system log files (/var/log/system.log*), compress them, and share the archive for review.

    Patch: https://nc.netgate.com/nextcloud/s/gCLiC7DeMQedYGr
    Logs upload: https://nc.netgate.com/nextcloud/s/ZsjmKBpcqji3tnw
  • Firewall Rules

    0 Votes, 27 Posts, 1k Views
    johnpoz
    @Jarhead said in Firewall Rules: "Of course it will. Anything not allowed will be blocked by it." No it won't, since right above it you have a reject-all IPv4 rule. How would something that is IPv4 get by the reject rule?
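    The point of the reply above is first-match evaluation: once a reject-all rule sits higher in the list, any IPv4 rule below it is dead code. The following is an added example (not code from the thread or from pfSense) that lints a rule list for exactly that: it reports every rule that an earlier rule already covers completely. The Rule model and the sample rule set are constructed for illustration; pfSense itself stores rules in its XML config, which this does not parse.

```python
"""Find firewall rules that can never match because an earlier rule covers
every packet they would match (first-match evaluation, as in pfSense
interface rules).

Added example, not from the forum thread or the pfSense code base. The Rule
model and SAMPLE_RULES are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "pass", "block" or "reject"
    af: str                # "inet" (IPv4) or "inet6" (IPv6)
    proto: Optional[str]   # "tcp", "udp", ... or None for any protocol
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[Tuple[int, int]] = None  # inclusive port range, None = any


def _covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matched by `later` is also matched by `earlier`."""
    if earlier.af != later.af:
        return False
    # An earlier rule restricted to one protocol cannot cover an any-protocol
    # rule or a rule for a different protocol.
    if earlier.proto is not None and earlier.proto != later.proto:
        return False
    src_e, src_l = ipaddress.ip_network(earlier.src), ipaddress.ip_network(later.src)
    dst_e, dst_l = ipaddress.ip_network(earlier.dst), ipaddress.ip_network(later.dst)
    if not (src_l.subnet_of(src_e) and dst_l.subnet_of(dst_e)):
        return False
    if earlier.dport is not None:
        if later.dport is None:
            return False
        lo_e, hi_e = earlier.dport
        lo_l, hi_l = later.dport
        if lo_l < lo_e or hi_l > hi_e:
            return False
    return True


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (shadowed_rule, shadowing_rule) name pairs in list order.

    With first-match evaluation a fully covered later rule never fires,
    whatever its action, so a "pass" below a "reject all" is unreachable.
    """
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample: the situation described in the thread, a reject-all
# IPv4 rule with a pass rule placed underneath it.
SAMPLE_RULES = [
    Rule("allow LAN https", "pass", "inet", "tcp", "192.168.1.0/24", "0.0.0.0/0", (443, 443)),
    Rule("reject all IPv4", "reject", "inet", None, "0.0.0.0/0", "0.0.0.0/0"),
    Rule("allow LAN dns", "pass", "inet", "udp", "192.168.1.0/24", "0.0.0.0/0", (53, 53)),
    Rule("allow LAN v6", "pass", "inet6", None, "fd00::/8", "::/0"),
]

if __name__ == "__main__":
    for dead, by in shadowed_rules(SAMPLE_RULES):
        print(f"rule '{dead}' can never match: '{by}' above it already covers it")
```

    The check is deliberately conservative: it only flags a rule when a single earlier rule covers it entirely, so a rule that is merely partially overlapped (or covered only by the union of several earlier rules) is not reported.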
  • "This Firewall (networks)" Alias

    2 Votes, 13 Posts, 360 Views
    Bob.Dig
    I probably would use it for blocking, even if WANs are included. I will put an allow WAN-Subnet before it, if needed ...
  • alias natting not working since upgrade

    0 Votes, 3 Posts, 147 Views
    J
    @SteveITS (SOLVED) Thank you for the information. If I run "killall filterdns" and then Status > Filter Reload, the table is immediately updated.
  • pfBlockerNG - IPv4 Suppression - alias list failure

    0 Votes, 3 Posts, 171 Views
    tinfoilmatt
    You're doing something incorrectly. Can you screencap what you mean by: "I have enabled IPv4 Suppression within pfBlockerNG and set an IP address with /32"?
  • P2P openvpn NAT and firewall rules

    0 Votes, 1 Post, 45 Views
    No one has replied
  • Unknown block “to any no-df max-mss 1400 fragment reassemble”

    0 Votes, 5 Posts, 234 Views
    D
    Sorry for the delay. An update to Sense “fixed” the problem—but I suspect the issue was caused by the client rather than Sense.
  • 0 Votes, 9 Posts, 322 Views
    johnpoz
    @Gertjan Yeah, I don't run the DNSBL service; I just use pfBlocker for alias creation that I use in my own rules. Just wanted to explain what he was seeing with this ps command; it didn't find anything via his grep.
  • Please assist me with settings

    0 Votes, 9 Posts, 338 Views
    N
    If I’m not mistaken, the issue you’re facing is not caused by your configuration but by a limitation in the Asus router firmware. Even with NAT disabled, firewall disabled, and correct static routes, an Asus router operating in Router Mode does not allow routing from the WAN interface toward the LAN network. The WAN interface always treats the upstream device (pfSense in your case) as “Internet”, which means it blocks any attempt to reach LAN clients in the 192.168.50.0/24 subnet. This is why you can ping the Asus WAN IP from pfSense, but you cannot reach any clients behind it. If you need full communication from pfSense to the devices behind the Asus, the only supported solution is to run the Asus in Access Point Mode, so it becomes part of the same LAN (192.168.10.0/24). For the use case you described (Portainer, Docker, InfluxDB, Grafana), a separate subnet is not required. In AP Mode all services will be directly reachable, and pfSense’s Telegraf can send metrics to InfluxDB without any routing or NAT-related issues.
  • Firewall rules for selective failover

    0 Votes, 13 Posts, 459 Views
    R
    Thank you @SteveITS for the reply. Yes this is for the VLAN20 interface. DNS is working for its devices when the first rule's gateway was "failover" and also when this is now set to asterisk. I have finished setting the first rule of all VLANs from gateway "failover" to asterisk and everything is working. Thank you for this clarification.
  • High Fraud Score (89/100) and False Positives via HE IPv6 Tunnel

    Tags: dos, blacklist
    0 Votes, 10 Posts, 353 Views
    JonathanLee
    I also verified the university's ranking today when I was on campus, and it's consistently poor: 89/100 and blacklisted for fraud. It's clear the score is based on network and hardware functionality, like proxy usage, rather than specific physical attack data. They seem to notate anyone that uses a proxy as fraud. I found a way to mask the proxy use for Squid and that helps. Now most sites do not see I have a proxy; maybe that will help, who knows. I stopped getting Cloudflare pop-ups, that is for sure.
  • DigitalOcean block (2604:a880:400:d1::/48) today. ~100+ hits

    1 Vote, 2 Posts, 139 Views
    Gertjan
    @JonathanLee For myself, I've just one open port on my WAN (both IPv4 and IPv6): "1194 UDP", also known as OpenVPN. RDP, SSH, MySQL etc. are all on the 'never ever expose these on the Internet' list. Don't worry about IPv6 scans. It's like looking for and counting stars in the galaxy, looking for planets and life on them ^^
  • block rules not logging

    0 Votes, 51 Posts, 4k Views
    R
    @beatvjiking did you ever determine what was causing this? I am experiencing the same issue on CE 2.8.1. This weekend I spent some time building a test machine, and the initial vanilla build logged firewall events. Once I applied the config from the problem machine (and the packages associated), the problem returned. I am going to dig a little further, but my initial suspects are HAProxy and Suricata. I have a machine at another location that does not require HAProxy; it's running 2.8.1, and the log file is populating.
  • 0 Votes, 1 Post, 79 Views
    No one has replied
  • Cannot access some switches anymore?

    0 Votes, 4 Posts, 186 Views
    Urbaman75
    @SteveITS that's right. The two switches not being accessed are L2/L3 and lost the internal VLAN routing. I re-enabled it by accessing from VLAN1 and re-adding an IP on both Switches' VLAN10 interface: both got accessed again from VLAN10 devices. Now I'll properly go (hopefully) through ACL settings to limit access to some devices only. Thank you very much for pointing me in the right direction.
  • debugging aliases

    0 Votes, 4 Posts, 187 Views
    A
    @johnpoz Thanks. I should have googled it first. I found the answer on an old thread. For the benefit of someone else, and possibly me, I will say: look under Diagnostics > Tables and there will be an entry named after your alias. I only had two FQDN entries. I don't know what happened; it just started working after I deleted it and then recreated it. Maybe it got corrupted somehow. I didn't know about Diagnostics then, so I didn't have a look.
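    Both this thread and the "alias natting not working since upgrade" thread above come down to the same check: the pf table behind an FQDN alias (visible under Diagnostics > Tables, or with `pfctl -t <alias> -T show` from a shell) no longer matches what the names resolve to. The following is an added example, not code from either thread or from pfSense, that parses a table dump and reports the drift. The table dump and the resolver answers are constructed; on a live box the dump would come from `pfctl` and the resolver answers from `host` or `drill`, neither of which is called here.

```python
"""Compare a pf table (what the firewall actually matches against) with the
addresses an FQDN alias currently resolves to, and report the drift.

Added example, not code from the forum threads or from pfSense. TABLE_DUMP
and RESOLVED are constructed; on a live system the dump would come from
`pfctl -t <alias> -T show` and the resolver answers from `host`/`drill`.
"""
import ipaddress
from typing import Dict, Iterable, List, Set

# Constructed: what `pfctl -t Allowed_Hosts -T show` might print. pf prints
# one entry per line with leading whitespace; /32 and /128 entries are bare.
TABLE_DUMP = """\
   203.0.113.10
   203.0.113.11
   198.51.100.7
"""

# Constructed: what the FQDNs in the alias resolve to right now.
RESOLVED: Dict[str, List[str]] = {
    "app.example.test": ["203.0.113.10", "203.0.113.12"],
    "api.example.test": ["198.51.100.7"],
}


def parse_table(dump: str) -> Set[str]:
    """Parse `pfctl -T show` output into a set of normalised CIDR strings."""
    nets: Set[str] = set()
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # pf prints negated table entries with a leading '!'; they exclude
        # addresses rather than adding them, so they are not counted here.
        if line.startswith("!"):
            continue
        nets.add(str(ipaddress.ip_network(line, strict=False)))
    return nets


def expected_from_resolver(resolved: Dict[str, Iterable[str]]) -> Set[str]:
    """Flatten resolver answers into the same normalised CIDR form."""
    return {str(ipaddress.ip_network(a)) for addrs in resolved.values() for a in addrs}


def table_drift(table: Set[str], expected: Set[str]) -> Dict[str, List[str]]:
    """'missing': addresses the rules should match but do not yet;
    'stale': entries still in the table that no FQDN resolves to any more."""
    return {
        "missing": sorted(expected - table),
        "stale": sorted(table - expected),
    }


if __name__ == "__main__":
    drift = table_drift(parse_table(TABLE_DUMP), expected_from_resolver(RESOLVED))
    print(drift)
    if drift["missing"] or drift["stale"]:
        # The remedy reported in the thread: restart the alias resolver and
        # reload the ruleset so the table is rebuilt from fresh lookups.
        print("table out of date; try: killall filterdns, then Status > Filter Reload")
```

    Running the check from a different resolver than the firewall uses can produce false "drift" (DNS round-robin, split horizon), so compare against the answers the firewall's own resolver gives before concluding the table is stuck.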
  • using domain name in rules

    0 Votes, 10 Posts, 362 Views
    Gertjan
    @johnpoz said in using domain name in rules: "since are you not in the EU?" Afaik, France, where I am, is still part of the EU.
  • Best Suricata version for IDS + AI Anomaly Detection on RPi (16GB RAM)

    0 Votes, 11 Posts, 561 Views
    johnpoz
    @bmeeks said in Best Suricata version for IDS + AI Anomaly Detection on RPi (16GB RAM): "Not good to run a mail server on your firewall." Oh shit, it's not? Damn, now I have to redo a bunch of stuff.. Just a joke, hehehe.
  • How to deal with [::] -> [ff02:: 16] log entries in firewall log

    0 Votes, 29 Posts, 2k Views
    fabnavigator
    @kohara I was concerned that I needed to pass this traffic, but now I don't think that is the case. pfSense has default allow rules setup for necessary IPv6 traffic. I deleted the rule I created and have my logging setup like this below. I don't get much of anything in my logs except for a couple of WAN log entries per day. [image: 1774058469082-9f6fe712-7f16-4d78-beda-b123224ebb75-image.png]
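    The `[::] -> [ff02::16]` entries in that thread are IPv6 hosts sending MLDv2 listener reports to the all-MLDv2-routers group before they have an address of their own, which is why they come from the unspecified source `::`. The following is an added example (not part of the post) that triages IPv6 firewall-log entries by multicast scope and well-known group so this link-local housekeeping can be told apart from traffic worth a closer look. The log is simplified to (action, source, destination) tuples and the sample entries are constructed, so no real filterlog parser is involved.

```python
"""Triage IPv6 firewall-log entries: separate routine link-local multicast
housekeeping (MLD reports, NDP, DHCPv6) from traffic that deserves review.

Added example, not part of the forum post. SAMPLE_LOG is constructed and the
log format is reduced to (action, src, dst) tuples for illustration.
"""
import ipaddress
from typing import List, Tuple

# Well-known link-local multicast groups (RFC 4291 and the IANA registry).
WELL_KNOWN_GROUPS = {
    "ff02::1": "all-nodes (NDP, router advertisements)",
    "ff02::2": "all-routers (router solicitations)",
    "ff02::16": "all MLDv2-capable routers (MLDv2 listener report)",
    "ff02::1:2": "all DHCPv6 relay agents and servers",
    "ff02::fb": "mDNS",
}
# Solicited-node multicast: ff02::1:ffXX:XXXX, used by neighbour discovery.
SOLICITED_NODE = ipaddress.ip_network("ff02::1:ff00:0/104")

SCOPES = {0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
          0x5: "site-local", 0x8: "organization-local", 0xE: "global"}


def scope(addr: ipaddress.IPv6Address) -> str:
    """Multicast scope is the low nibble of the second address byte (ffXs::)."""
    return SCOPES.get(addr.packed[1] & 0x0F, "other")


def classify(src: str, dst: str) -> str:
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    if s.version != 6 or d.version != 6:
        return "not IPv6"
    if not d.is_multicast:
        return "unicast: review normally"
    sc = scope(d)
    group = str(d)
    if group in WELL_KNOWN_GROUPS:
        what = WELL_KNOWN_GROUPS[group]
        if s.is_unspecified:
            # Hosts send MLD reports and DAD probes from :: before they own
            # an address; this is the [::] -> [ff02::16] pattern.
            return f"routine: {what}, sent from :: (host still acquiring an address)"
        if s.is_link_local:
            return f"routine: {what}, {sc} scope"
        return f"odd: {what} from non-link-local source {s}"
    if d in SOLICITED_NODE:
        return "routine: solicited-node multicast (neighbour discovery)"
    if sc == "link-local":
        return f"link-local multicast to unregistered group {d}: check which application"
    return f"{sc}-scope multicast to {d}: not link housekeeping, review"


# Constructed sample shaped like the thread's log lines.
SAMPLE_LOG: List[Tuple[str, str, str]] = [
    ("block", "::", "ff02::16"),
    ("block", "fe80::1c2d:3e4f:5a6b:7c8d", "ff02::16"),
    ("block", "fe80::1", "ff02::1:ff00:1"),
    ("block", "2001:db8::5", "ff02::16"),
    ("block", "fe80::9", "ff05::1:3"),
]


def triage(log: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    return [(a, s, d, classify(s, d)) for a, s, d in log]


def routine_count(log: List[Tuple[str, str, str]]) -> int:
    """How many entries are link-local housekeeping that need no action."""
    return sum(1 for _, s, d in log if classify(s, d).startswith("routine"))


if __name__ == "__main__":
    for action, s, d, verdict in triage(SAMPLE_LOG):
        print(f"{action:5} [{s}] -> [{d}]: {verdict}")
    print(f"{routine_count(SAMPLE_LOG)} of {len(SAMPLE_LOG)} entries are routine")
```

    Blocking these link-local reports does not break anything on the firewall itself, but logging them fills the log with noise; a verdict of "odd" (a global unicast source sending to a link-local group) or a wider-than-link scope is the kind of entry worth keeping logged.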
Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.