• pfsense blocking some sites

    Locked
    0 Votes
    10 Posts
    2k Views
    bingo600
    @gurveer Let's continue in the other thread. https://forum.netgate.com/topic/174428/pfsense-blocking-certain-some-sites/15
  • Firewall rules for IPSec affecting Wireguard

    0 Votes
    3 Posts
    250 Views
    @jknott IPSec tab: forbid all but port 80 (for example) Wireguard: Allow all OPT: Allow all Result: When i ping a host connected through Wireguard, there is no reply. When i put a rule that allows ICMP on the IPSec tab, the ping goes through.
  • cloudflared (Cloudflare zero trust, tunnel, argo)

    1 Votes
    2 Posts
    2k Views
    @macos Hi, any updates on this? Don't think it needs any specific rules since it is the one establishing the tunnel to Cloudflare. I'm running it successfully behind CG-NAT, from my Unraid Docker. Was looking to make it run on pfSense.
  • snort2c host block

    0 Votes
    6 Posts
    584 Views
    bmeeks
    The snort2c table is automatically created by pfSense no matter if the Snort or Suricata packages are installed or not. That table is a default construct in the firewall initialization logic. There is a built-in pfSense pf firewall rule that references that table name. Any IP address placed in that table is blocked. The table is cleared each time pfSense is rebooted, or it can be cleared by manual user action (under DIAGNOSTICS > TABLES you can select the table for viewing and then clear it out). Once an IP address is placed in that table by a Snort or Suricata installation, it remains there until manually removed or the firewall is rebooted. Thus simply removing the Snort or Suricata package or stopping the associated service will not necessarily clear the table. So blocks can remain even after the package is removed. There is an option on the GLOBAL SETTINGS tab of Snort to clear blocks when uninstalling the package. Suricata does not have this option, but I will add it to a future package update.
  • Proper Destination for Internet?

    0 Votes
    4 Posts
    351 Views
    JKnott
    @creationguy Here are my rules for my guest WiFi. They allow only access to the Internet and also pinging the interface it's connected to. [image: 1664387622746-7ad4d54d-c6af-40da-b6a8-69de75ec7b3e-image.png]
  • UDP routing WAN-LAN

    Tags: udp, sip
    0 Votes
    1 Post
    553 Views
    No one has replied
  • Docker Subnet Can't Reach WAN

    0 Votes
    1 Post
    236 Views
    No one has replied
  • Allow a port through the firewall?

    0 Votes
    3 Posts
    534 Views
    CreationGuy
    @jarhead [image: 1664230335897-capture.jpg] Seems to be working, I applied this to the guest interface. Thank you, I thought it best to specify the IP and not the entire VLAN.
  • 0 Votes
    5 Posts
    1k Views
    ipeetables
    vlan 0 is reserved
  • pfSense behind Traefik

    Tags: rules, proxy
    0 Votes
    2 Posts
    1k Views
    ipeetables
    @atxcoder you need a Web Application Firewall (WAF) to do that, pfsense FW rules block at the ip layer. x-real-ip is application layer. The traffic is allowed because it came from 10.0.10.4.
  • 0 Votes
    1 Post
    221 Views
    No one has replied
  • Application and Server Communication Between Two pfSense Firewalls

    0 Votes
    5 Posts
    672 Views
    @bingo600 said in Application and Server Communication Between Two pfSense Firewalls: The current setup will only allow communications to be initiated from the Agent to the Server. Once initiated, the server is allowed to answer. So, I don't need to do inverse NAT, correct? So is there any problem with my elastic-agent? Thanks!
  • Pfsense Firewall 5651 loglama active

    0 Votes
    2 Posts
    342 Views
    @twd-0 ++++++++++++
  • Firewall Rule for a single device

    0 Votes
    13 Posts
    1k Views
    Gertjan
    @frankzappa said in Firewall Rule for a single device: if you're not on the whitelist
    You could create a pfSense Alias with all these IPs, and make a pass rule with this alias. The server would only handle IPs that are allowed, not being bothered by any other IP. So the server serves, the firewall firewalls.
  • Firewall blocking rsync by default, but allow rule in place

    0 Votes
    10 Posts
    1k Views
    @johnpoz said in Firewall blocking rsync by default, but allow rule in place: @toddehb it's not states, it's table entries, you know the thing that stores all the IPs that pfBlocker is blocking, etc.
    Yup, just noticed myself.
  • Citrix Viewer connection interrupted

    0 Votes
    2 Posts
    443 Views
    johnpoz
    @gzesku said in Citrix Viewer connection interrupted: I read somewhere that pfSense is randomizing source port for outgoing connections hence some NAT rules have to be applied for a stable connection.
    This is not the issue. If you required a specific source port to make the connection, you would never connect in the first place.
  • An Unknown 10.x.x.x Network

    0 Votes
    20 Posts
    2k Views
    stephenw10
    Done. Example confusion!
  • command queue timeout

    0 Votes
    2 Posts
    390 Views
    Gertjan
    @paun What is the first letter of the device? I guess an 'f', so the device driver name is fxp and that is the name of an old Intel (?) NIC driver. The driver goes bad - or the hardware (the NIC) is bad / locked up. Try not using this NIC 'fxp0' any more.
    @paun said in command queue timeout: After all computers stayed without internet,
    That's a side effect. If your WAN or LAN interface goes 'broken' then all traffic stops.
  • Unable to enable a rule

    0 Votes
    2 Posts
    334 Views
    @troy-0 The red X indicates a block rule. If the rule was disabled it is greyed out and in the action column you can see a check-mark button for enabling it. [image: 1663755024410-3104ac9c-ae80-46ea-9d04-ba8e5b87d842-grafik.png]
  • new to pfblocker

    0 Votes
    2 Posts
    492 Views
    Gertjan
    @publictoiletbowl Hi, New or not, why not post in the pfBlockerNG forum? [image: 1663744300179-615b2328-d87a-4904-a3b7-e3d8c21918a8-image.png] and have a look at the already present posts, as there is a lot to know. Btw: the DNSBL part of pfBlockerNG has 'nothing' to do with the 'firewall'.
    @publictoiletbowl said in new to pfblocker: Can't assign requested address for 127.0.0.1 port 953
    It means that 'someone' (a process) is already listening on this port 953. This is most probably another instance of unbound that is acting as a zombie in memory, blocking resources like ports (files, memory etc). Do this: In the GUI, stop the unbound process. Enter the console (better: use SSH), go for option 8. Enter sockstat | grep :953 and if this lists one or more lines: you found the process that blocks port 953! Example: unbound unbound 53871 13 tcp4 127.0.0.1:953 *:* Your mission: kill it (kill them). Like kill 53871 where 53871 is the process ID. If there was more than one: kill them all. Now, in the GUI, start unbound. Do a full reload for pfBlockerNG.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.