It may also be that there is an existing firewall state for the connection you are trying to block. An existing state from a previous allow rule will still allow traffic even if there is a new block rule. The state must first expire, or be cleared, then the rule will work for that connection. Other, new connections should be blocked by the rule.

Beautiful! It Works!! Thank you very much for your help.

Yes it works just fine. I had to change my dhcp server settings, now my default gateway is the LAN address of the transparent firewall. I know why it works, with the default gateway, because the transparent firewall acts as a gateway, but I had no idea that a 'transparent' firewall would have to be used as the default gateway for pkg support. I guess I don't understand it completely.

if your switches support, you can use 802.1x authentication through MS IAS on the domain controller to block network access (not just the Internet, but the LAN access as well).

@TheLight: If i created an alias i will use this alias for the rule, the rule will be pass not block? so others will be block by default but not the ones in the aliases? Am i correct? Yes. For the passrule you can just modify the already existing passrule on the LAN tab.

Ok, can't wait untill it get released. thanks.

I solved the issues, incorrect default gateway setting on the host box I was trying to access. Thanks again for all the help

After trying everything I could possibly think of, I ended up reinstalling pfsense and things worked properly the second time around.

@iamthed: Doesn't matter. Any DDoS attack is going to knock you off the Internet unless you have a huge amount of bandwidth. State limiting can be effective here if you have a huge amount of bandwidth, otherwise there just isn't anything you can do, you're reliant on your ISP. @iamthed: Those things help, but don't solve the problem. Lot more to this than can be offered in a forum post, check out some security books.

@agismaniax: @cmb: If you insist on adding multiple IPs on a single interface, see: http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf can i use this setting with OpenVPN enabled? Yes

thx again to cry havok.. i'm not using static route.. because the pfsense crash after i using static route then i'm using bridge.. and it works now.. lol however thx cry havok.. regards

Is there a limit on how many rules you can have?  I don't think that I have that many, maybe 10-15 total?  The USB stick I am using to the config file is an old one that is only 128MB.  Is that the issue? Thank you, Ryan

Ok thanks

Create a firewall rule allowing traffic under "Firewall" –> "Rules" --> "OPT1"

Thank you jimp for pointing us to the answer. Though I see the point that is being made here, It seems absurd/alarming that the logs are reporting SO MUCH of this occurring… Makes me want to ignore the Firewall logs now. Which defeats the purpose of the logs, to begin with...

FYI: There's another current thread that is related to this. However, no one seems to want to reply. Look for: "strange outgoing traffic" in the Firewalling forum.

Right, and I read that.  It also says these exact phrases in the Advanced Settings page, but I'm looking for specifics.  Aggressive says is expires connections faster… how much faster?  10 sec, 5 sec?  I tried to look through the page to find the answer mysql rather then troubling the fine people of this board, but all the php source shows is setting the variable, so I'm wondering who reads that variable and makes changes on it so that I can understand this better.

You might be able to use Snort. I know there is a way to block Skype with Snort in pfSense, so there is probably a way for other messengers as well. http://www.carbonwind.net/Firewalls/BlockingSkypewithPfsenseandSnort/BlockingSkypewithPfsenseandSnort.htm