@rfinch23 said in pfsense default deny rule ipv4 1000000103:
To my knowledge nothing has changed.
This might be true ... but is really hard to do.
You're saying: since I installed this firewall, I did not use new devices on my own networks, neither did I upgrade any of these devices ...
If you did add just one new device, or updated just one, and this device 'crafts' internet packets that are 'wrong' (no big deal) then suddenly they start being captured by the final hidden block all rule.
Now: knowing what I just told you, did you 'change' something?
I'm pretty sure you did ;)
You can see the logs that show the "ipv4 1000000103" line, you have the offending IPv4.
What happens when you remove this device from your network?
What is this device?
About:
@rfinch23 said in pfsense default deny rule ipv4 1000000103:
FreeBSD 12.2-STABLE (== 2.5.1) as Version 2.7.0 broke the tunnel.
Read "Netgate Will Migrate to OpenSSL 3 in pfSense Plus Software Version 23.09",
which means things won't get any better soon.
Example: if a 'tunnel' uses encryption 'XXXX' and XXXX isn't supported anymore, there will be a moment XXXX won't work anymore on both sides of the tunnel. For example: your phone app updates ... and now you're locked out. Or your VPN supplier dropped old stuff: same result.
It's way easier to stay 'current' - and yes, have some hassle once in a while because you had to change 'SHA1' to 'SHA256' on both ends. But at that moment, thousands will have the same question as you, so answers will be available here.
Keeping old stuff could mean you lose 'everything' and you have nothing to get back to.
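
Added example, not part of the post above: one way to find the device behind the "ipv4 1000000103" log lines is to tally the blocked entries by interface, source address and TCP flags. The comma-separated field positions are an assumption based on pfSense's raw filterlog format, and the sample lines, addresses and the second tracker ID are constructed.

```python
from collections import Counter

DEFAULT_DENY_V4 = "1000000103"  # tracker ID quoted in the thread

# Constructed sample lines (not from the thread), assumed raw filterlog layout.
SAMPLE_LOG = """\
Oct 12 10:15:01 fw filterlog[4242]: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,1201,0,DF,6,tcp,52,192.168.1.50,203.0.113.10,51514,443,0,FA,1111,2222,501,,
Oct 12 10:15:02 fw filterlog[4242]: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,1202,0,DF,6,tcp,40,192.168.1.50,203.0.113.10,51514,443,0,R,1111,,0,,
Oct 12 10:15:03 fw filterlog[4242]: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,1203,0,DF,6,tcp,52,192.168.1.50,198.51.100.7,51600,443,0,FA,3333,4444,501,,
Oct 12 10:15:04 fw filterlog[4242]: 4,,,1000000103,igb0,match,block,in,4,0x0,,243,9001,0,none,6,tcp,44,198.51.100.99,192.0.2.1,40000,23,0,S,5555,,1024,,mss
Oct 12 10:15:05 fw filterlog[4242]: 70,,,1700000001,igb1,match,pass,in,4,0x0,,64,1204,0,DF,17,udp,60,192.168.1.50,192.168.1.1,50000,53,40
"""


def parse_ipv4_entry(line):
    """Return selected fields of an IPv4 filterlog entry, or None otherwise."""
    _, sep, rest = line.partition("filterlog[")
    if not sep:
        return None
    f = rest.partition("]: ")[2].split(",")
    # Assumed layout: 3=tracker 4=interface 6=action 8=IP version
    # 16=protocol 18=source 19=destination 23=TCP flags
    if len(f) < 20 or f[8] != "4":
        return None
    proto = f[16]
    return {
        "tracker": f[3], "iface": f[4], "action": f[6],
        "proto": proto, "src": f[18], "dst": f[19],
        "tcp_flags": f[23] if proto == "tcp" and len(f) > 23 else "",
    }


def default_deny_sources(log_text, tracker=DEFAULT_DENY_V4):
    """Count blocked entries per (interface, source, protocol, TCP flags)."""
    hits = Counter()
    for line in log_text.splitlines():
        e = parse_ipv4_entry(line)
        if e and e["tracker"] == tracker and e["action"] == "block":
            hits[(e["iface"], e["src"], e["proto"], e["tcp_flags"])] += 1
    return hits


if __name__ == "__main__":
    ranked = default_deny_sources(SAMPLE_LOG).most_common()
    for (iface, src, proto, flags), count in ranked:
        print(f"{count:4d}  {iface:5s} {src:15s} {proto:4s} {flags}")
```
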