@RedDelPaPa said in Suricata custom rule alerts but won't block: @bmeeks Just updated the suricata package and tried my original rule. It now works as it should! Thank you! Great! Thanks for the feedback.

Yea weird - I rebooted pfSense and same result. Reinitialization -- yeah that kicked things into gear. Thanks.

@trademark27 Well, I expect a rule to allow all would do that.

@Gertjan said in LAN Sharing stops on Pfsense: You do have to set a IP and net mask for every PC, though. Nope not even that - they would all just use APIPA (169.254.x.x)

@johnpoz said in Firewall Rule to Allow RDP from WAN to LAN......Need help: Sorry but NO... That would have zero to do with it.. You would of gotten an answer from unbound if running.. What you put in general has ZERO to do with that unless you had changed it to forwarder? And would of had zero to do with your client talking to 8.8.8.8 for dns.. So whatever you think the problem was - it sure wasn't that.. So your now redirecting dns?? I had asked you before if you were doing such thing.. Which sure that could of cause you all kinds of grief if that was setup wrong. Which you could of validated in like 2 seconds with as simple sniff that you could actually even talk to pfsense for dns. I went into deep dive and found the biggest culprit is SEP (Symantec Endpoint protection).... If I enable firewall it is not allowing DNS , If i disable it is working... [image: 1569819223368-symantec_issue.jpg] In symantec in firewall it has to "Allow IP Traffic" not "Allow only application traffic" this SEP culprit made me mad... Thanks Again...

How do you think that could work? While it could be possible to block an IP from your open port, you would need to know what this IP is. You could for sure block based upon geoip with say pfblocker. And ok if they started scanning every port or lots of ports you could block with IPS.. But that doesn't stop them if they hit your open port first in their scan, or 2nd, etc.

@NogBadTheBad No its pretry straitht forward thank you for any help the policy works very good now Greetings Snellie

@johnpoz thanks!, it was pretty clear

@johnpoz Thanks!

@raulsilva said in E-mail messages are not automatically received on outlook: I tried opening the door by searching on google, so I have no more ideas for solving this. First of all, describe your interfaces 'setup'. Is this a simple WAN and LAN ? What is the setup ? When you activate pfSense, there are no rules on LAN, so every device you hook up to LAN can access the entire Internet without restrictions. Nothing is blocked. This is btw a default behaviour - any router firewall on earth behaves like this (Ok, Maybe not Cisco ... I dono). So, what did you do .... tell us and we will tell you why you shouldn't do that - or do it differently. Btw : I use Outlook (from Office 365) myself on several PC's behind a pfSense. The trick is : to have Outlook get mails automatically, you have to set it up ... in Outlook. Like "every xx minutes do a sync with all mail boxes". Here it is for an 'old' Outlook 2010 : [image: 1569339521063-30487f84-9fde-45db-967a-80dc3cbc36ca-image.png] Thus : every 30 minutes Outlook collects mail from all my mail boxes. edit : sorry, my Outlook is 'French' ....

I've got 50/50 mbps for my internet connection. I'm not sure if the iPhone is maxing out the upload while backing up or not. Incidentally, I added as a port 1062 and 1448 to the port alias and low and behold the Gateway stays online and everything seems to be fine.

https://redmine.pfsense.org/issues/9763 It affected both the VLAN prio set and match options. You can install the System Patches package and then create an entry for 9f5ce9d4977e92b3f8cb509fef6905f59440ddc8 to apply the fix.

Normally firewall has a WAN ip that is public.. So if you do not use the built in firewall rule, or put in a wan address block.. Your block rfc1918 would not trigger.. So as always when wondering what you rules are going to do, walk down from top to bottom with your traffic and see what rule triggers or not.. If it gets to the end with no rules that allow or block triggering - then it would be blocked by the default deny that is not shown.. So lets say I took out that reject to firewall, and lets assume my firewall wan IP was 1.2.3.4, so now lets say someone want to hit the gui on my wan IP.. not triggered - its icmp and my dest is tcp 80 trying to hit gui nope not dns nope not ntp not there Nope dest is not rfc1918 yes my sorce is test net, and any is my dest port, and any is my dest IP.. Yup allowed, so now devices on this network could access pfsense webgui without that reject "this firewall rule" If you wan IP is rfc1918, ie its behind a nat - then yeah you wouldn't need that rule. But you could use it as a safety net, on the chance you change your network and pfsense now has a public IP.

@Edigest said in Multiple WAN IPs towards multiple isolated LANs: Did I miss something? Don't think so. You should turn off automatic outbound NAT, too and configure it manually: let those 127.0.0.1 and ::1 rules intact but remove all rules belonging to the DMZs and only map those networks (let's call them DMZ1/DMZ2) to their respective WAN IP you wish that subnet to have. Besides that and a tight firewall ruleset you should be good to go.

Thanks. I got HAProxy working.