• Ipencap pf

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    S

    Can't say that I have ever seen the need for this.  Can you explain why that option is only needed in your case?

  • Firewall problem … or maybe it's just me ;)

    Locked
    7
    0 Votes
    7 Posts
    7k Views
    H

    Just keep in mind: You always have to block Incoming traffic at an Interface, so if you want to block traffic from LAN to Opt1 your rule has to be applied to the LAN Interface.
    In your scenario I would use some Aliases to get your blacklist function and to keep number of rules low to have a better overview:

    at all Interfaces:

    block proto any source-ip "blacklistip" source-port any destination-ip any destination-port any
    block proto tcp/udp source-ip any source-port any destination-ip any destination-port "blacklistports"
    pass proto any source-ip <interface>subnet source-port any destination-ip any destination-port any

    Needed Aliases for this:

    blacklistip -  hosts alias with all blocked IPs
    blacklistports - ports alias with blocked ports

    This way you can simply add your IPs to the blacklistip alias or ports to the blacklistports (at least if you want to handle them all the same way). For special needs you can combine ports and hosts aliases or invent more aliases. Try to use the alias system as much as you can. It can simplify things a lot.

  • Black and whitelist

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    H

    That will most probably be a feature of 1.1 alias system. Not yet doable.

  • Pfsense and Asterisk….one-way audio problem with SIP

    Locked
    18
    0 Votes
    18 Posts
    27k Views
    K

    I did not get things working with siproxd and asterisk. Maybe I am feeling slow today, but I am not getting it. Where should my asterisk box be pointing? I have a connection with iconnecthere and sipphone, and fortunately these are my only 2 SIP based providers. So what do I need to do on the asterisk side so I can route my SIP accounts through siproxd on the pfsense box?

    K

  • Firewall rules advanced options

    Locked
    5
    0 Votes
    5 Posts
    13k Views
    S

    @Leoandru:

    @billm:

    The client connection limit and max connections/second are for the rule.  Soooo if client connection limit is set to 10, you can have 10 state entries total, it could be 10 from one host, or one each from 10 hosts.  New connections/second works the same way.

    –Bill

    Is it possible to have the Simultaneous client connection limit work on a per host basis? It would be a nice feature. I have been having problems lately with persons running bittorrent opening many connections all at the same time.

    EDIT:

    What about an option for limiting the total number of connections per source? "max-src-conn"
    In other words, limit the maximum number of simultaneous TCP connections which have completed the 3-way handshake that a single host can make.

    Work up a GUI + filter.inc patch and we will entertain it.

  • Firewall Log every 7 minutes

    Locked
    17
    0 Votes
    17 Posts
    13k Views
    E

    Ok… I wait...

    Thanks!!

    Let me know if you need any test...

  • Subnet 2 and DMZ have no Internet access.

    Locked
    16
    0 Votes
    16 Posts
    14k Views
    J

    Do you have the firewall rules for ping set up?
    If you put this rule on the LAN tab, the OPT1 tab and the OPT2 tab:
    icmp * * * * *

    then they can ping the LAN network, the OPT1 network, the OPT2 network and the internet.

  • SSH and Ping problem

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    I

    It works
    Thanx a lot

  • Pfsense lockup?!?!? state table SOLUTION

    Locked
    9
    0 Votes
    9 Posts
    7k Views
    Z

    @sullrich:

    Aren't you comparing apples to oranges?  Last time I checked m0n0wall doesn't support atheros.

    True, m0n0wall doesn't support Atheros. I need to check this with the atheros card removed.

  • Squid & Firewall

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    C

    apparently now works fine, thk sullrich :D

  • How to make siproxd transparent?

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    S

    Wait for beta2 which has a static port option.  Search the forums for more information as this has been talked about already.

  • Beta-1 Aliases Bug (minor/simple)

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    S

    Yep.

  • How to block bittorrent??

    Locked
    4
    0 Votes
    4 Posts
    14k Views
    S

    In my experience blocking 6881-6999 will help in most cases.  A more effective solution involves squid.  Look at one of the squid threads for my suggestion of this feature.

  • Multiple Subnet behind pfsense firewall.

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    H

    This is the same problem as here: http://forum.pfsense.org/index.php?topic=293.0
    You have to use advanced outbound nat to create additional nat mappings for the internal networks pfsense doesn't see directly (in the webgui at Firewall>NAT, outbound tab).

    Also make sure you have all routes set up accordingly.

  • Vlan -> DIOCSETSTATUSIF error

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    J

    Don't worry, my NIC can't support 802.1q ;-)

    delete this

    Thank you

    Merry Christmas ;-)

  • Troubleshooting Help

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    S

    Use the virtual IP option and set up the IPs as CARP or PARP.

    Although inputting 8 class c's is not going to be fun!

  • Alias

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    S

    Be careful with update_file.sh … It pulls from CVS HEAD and not RELENG_1.

    Speaking of which, it's time to fix this problem.

  • Firewall/NAT rule Enable/Disable toggle

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    P

    LOL … nope!  ;)  Guess I should go back to my roots of just trying to click on everything!

    Thanks again...

    -- Phob

  • MOVED: Routed Subnet on LAN

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Inactive forwarded ports show "Closed" not "Stealth"… Why?

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    P

    Determined that the problem was due to a software firewall glitch on the workstation, not the fault of pfSense.

    Thanks!

    – Phob

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.