• Enable ping request function?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    T
    Fixed. Awesome. Thanks!
  • Firewall rules between vlans

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    P
    Might help http://doc.m0n0.ch/handbook-single/#id11642774 or the pfSense book http://blog.pfsense.org/?p=509
  • PF Tables & pfSense ??

    Locked
    4
    0 Votes
    4 Posts
    5k Views
    J
    If you run pfctl -vvs Tables in the Diagnostics…Command Prompt you will see pfSense is using tables.  Now having better functionality so you can add your own would be nice.  I too come from OBSD... Aliases is an option, but better table support is the "right" way to do it  ;)
  • Blocking traffic

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    jimp
    http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F
  • Can't connect two computers through pfsense router

    Locked
    23
    0 Votes
    23 Posts
    12k Views
    B
    Hmm, okay. :)
  • Unusual activity… with firewall

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    jimp
    You will also see log entries for traffic which is allowed in from UPnP if you turned that on, but as others said, it's probably the FTP helper.
  • Accept/Block IPs from shell using script

    Locked
    9
    0 Votes
    9 Posts
    5k Views
    R
    ok, thank you! best wishes
  • Add Firewall Rule Before Block Private Network

    Locked
    11
    0 Votes
    11 Posts
    5k Views
    D
    Sorry, misread the OP.  I saw the comment about logs filling up by 'default deny' and replied to that :)
  • How can I ban someone from access via MAC address?

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    GruensFroeschli
    The way you describe it, it sounds like you know every client which has access over the pfSense. You could also enable the Captive Portal, put all known MAC addresses on the passthrough list, and all unknown MACs will be displayed the CP. Or even more clamped down: Create for each client you know a static mapping on the DHCP server page, and then enable static ARP. Meaning only the MACs you specified on this page will be able to talk with the pfSense. Other MACs won't even get an answer to a DHCP request.
  • How to configure FW Rules for TUN0?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    T
    Hi Froeschli,

    I don't actually want to add Filter Rules, I'd be completely fine if it passed any of the traffic without blocking it (like it does at the moment). I'm not sure how (if there's no option in 1.2.2) I can tell the Firewall to stop blocking my traffic.

    However, there's a (sort of) weird scenario that I have when SSHing to one of the Remote-VPN Servers. I can stay on them like 5-10 seconds and then the connection closes, so the Firewall doesn't seem to block directly, but within a certain time window. Could it be that the connection aborts because on their way back they answer through the 2nd VPN gateway? Like this:

    My PC -> VPN Gate 1 (Firewall) -> (Internet) -> Remote VPN Gate 1 (Firewall) -> Server I want to talk to -> Remote VPN Gate 2 (VPN Server) -> -> VPN Gate 2 (VPN Server) -> My PC

    Could that be a problem? Maybe because of identification issues? Like sending a request to one VPN server (FW) and getting an answer back from the other VPN server?

    Thanks for the help.
    Kind regards, Stefan
  • NAT off firewall ON?

    Locked
    11
    0 Votes
    11 Posts
    4k Views
    J
    No, things work like this: the first PFS machine is connected to the ISP router, and it is firewall/proxy/vpn etc… (only 2 NICs). The second one (6 NICs) is connected to the first one, and the second one connects multiple networks into one, BUT I don't want users to see each other, so I need a firewall that works. And port forward: I need it to forward ports from the internet to internal radius etc... which is connected to one of the 6 interfaces on the second PFS. I didn't try to use the opt interface on the second PFS as the WAN interface, but I think it would work. ?
  • Scheduled rules and existing connections

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    A
    Just trying to see if my rules are being refreshed by cron, but they don't seem to be refreshed. I've just upgraded to v1.2.3 release and the rules still don't seem to be refreshed.  My crontab reads:

        0      *      *      *      *      root    /usr/bin/nice -n20 newsyslog
        1,31    0-5    *      *      *      root    /usr/bin/nice -n20 adjkerntz -a
        1      3      1      *      *      root    /usr/bin/nice -n20 /etc/rc.update_bogons.sh
        */60    *      *      *      *      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
        1      1      *      *      *      root    /usr/bin/nice -n20 /etc/rc.dyndns.update
        */60    *      *      *      *      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
        */60    *      *      *      *      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
        */5    *      *      *      *      root    /usr/local/bin/checkreload.sh
        */5    *      *      *      *      root    /etc/ping_hosts.sh
        */140  *      *      *      *      root    /usr/local/sbin/reset_slbd.sh
        0,15,30,45      *      *      *      *      root    /etc/rc.filter_configure_sync
        0      0      *      *      *      root    /usr/local/sbin/squid -k rotate
        */60    *      *      *      *      root    /usr/bin/perl /usr/local/www/lightsquid/lightparser.pl today

    Any thoughts?
  • LAN to DMZ blocked?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    V
    I have done some more tests and the log looks like below. The traffic passed but the connection always times out.

        Dec 18 11:44:59 LAN 192.168.1.10:63705 192.168.2.5:53 UDP

    ping, vnc, ssh: all traffic passed, but I get a timeout after a while. Before moving to pfsense from m0n0wall, I also tried the pfsense 1.2.1 and 1.2.2 releases. Those releases have the same issue. But the 1.2.0 release works great; any known issue for later releases? Using the WebUI ping utility from the DMZ interface to 192.168.2.5 also got 100% packet loss. Thanks,
  • Route LAN and OPT

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    S
    plz post your rules! and you should the only bridge options for have 'opt1' set to (lan) and the 'type' set to static
  • MOVED: Where is fwall->rules->edit->ADVANCED?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Can't access http on specific site, don't understand why.

    Locked
    13
    0 Votes
    13 Posts
    5k Views
    S
    Perfect! The rules were the problem. I tried fiddling with them earlier but I guess I got something wrong. Now it's working! Thanks! Gonna reconfigure and change the live firewall later and see if it takes care of the original problem with the unreachable host.
  • Howto: Block static IP?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    GruensFroeschli
    Ah yes there is only /31 available. But this is only if you select in the drop-down "network". You can select "Single host or alias". With that you can specify a single IP.
  • 619 PPTP error

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Ddos settings

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Blocked by default

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    D
    some of these are normal, as the m0n0wall doc explains.  why do you think you have a problem?