Hello! https://docs.netgate.com/pfsense/en/latest/firewall/preventing-rfc1918-traffic-from-exiting-a-wan-interface.html https://github.com/pfsense/docs/blob/master/source/firewall/preventing-rfc1918-traffic-from-exiting-a-wan-interface.rst ? And because someone, like me, might ask/wonder... https://forum.netgate.com/topic/119431/block-private-networks-what-does-that-do-what-is-it-used-for John

@humaxoid said in Config firewall: What kind of firewall is used in pfsense? Iptables or ...? Where does the firewall store the config? This will help you: Pfsense Documentation The config is under /config/config.xml Regards!

^^ this with openappid-streaming_media.rules or openappid-mobile.rules

on your opt, then sure..

Thank you for the answer

@Mats said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE: @johnpoz simple fix, just implement https://www.ietf.org/rfc/rfc3514.txt :D Wow! This rates right up there with the invention of the wheel and sliced bread ... . Now thousands of Snort/Suricata rules and millions of IP addresses on pfBlocker IP lists can all be replaced with a single firewall rule looking for and dropping packets with the evil bit set. So simple even a child can do it.

It turns out that it was just pure coincidence that my change was made on the voice_network rules and that the root cause of this was a gateway being down on the secondary device and XMLRPC triggering the filter reload flushed states as this is what I have enabled.

@IsaacFL Thanks. Now that you mention it, I believe the the RFC was where I had found the info I used as well but had forgotten (buffer overflow, I guess...). Thanks again, all.

Yeah, I offered to pay a bit more. Their concern was unintended consequences that might affect other customers doing VOIP or video chat or what not. I'll pick up an SG-3100 and hope it will do the trick.

Hm, then it should work by typing the LAN IP of the ISP router. We have a similar setup at several clients and at my home. Perhaps in Status/System Logs/Settings check "Log packets matched from the default block rules in the ruleset" temporarily to see if pfSense is blocking you but as long as the outbound is allowed it should work.

If you want help with your rules, you going to have to show them.

I noticed that when it stops passing the private traffic there is no indication in the system logs that the traffic is being blocked and the watch I put on traffic when it passes, no longer indicates any of this private traffic is passing.

When you setup your internal block rules make sure to use rules like this: Pass from <management addresses> to This Firewall (self) on <management ports> Reject from any to This Firewall (self) on <management ports> There are other (and better) ways to do it depending on which services must be accessible to local clients, but the key is you should be using This Firewall (self) as the target to make sure that any addressable interface on the firewall is covered. Otherwise if you have a rule like: Block from LAN subnet to LAN address Pass from LAN subnet to any (for the Internet) You'll find that local clients can reach the firewall GUI and SSH using the external address or addresses on other connected interfaces.

@bmeeks that's it. it's Spectrum's modem . thanks

I just fired up my ThinkPad into Window 10. Both Wifi and Ethernet are on the same network and both show the same default gateway. Since you don't have a gateway on your Ethernet connection, you have some problem. Do a packet capture for DHCP and see what's on the wire for both interfaces.