• Sanity check on hosting a website behind pfsense

    0 Votes
    1 Posts
    389 Views
    No one has replied
  • Disable logging for WAN "block private networks" rule

    0 Votes
    3 Posts
    639 Views
    @bob-dig Found those check boxes under General Logging Options in Status / System Logs / Settings. Thanks!
  • Can't block non-whitelist hosts from access to LAN

    0 Votes
    4 Posts
    878 Views
    @viragomann @bmeeks thanks for your answers. So now I'm going to configure VLANs, which seems to be a more suitable solution.
  • Default deny rule IPv4

    0 Votes
    9 Posts
    5k Views
    Hello everyone, just to add a track: I had the same trouble with a pfSense. Rule "allow all" on top, however the Default deny rule IPv4 happened. In my case, that was due to the transparent proxy, with the option: Do not forward traffic to Private Address Space (RFC 1918 and IPv6 ULA) destinations. Explanation: the address I needed to browse was a private address... By disabling this option (so enabling proxying of private addresses), that solved the trouble. Thanks to the community
  • Vultr Instance firewalls rules arent working? what am i missing ?

    0 Votes
    5 Posts
    1k Views
    mytsuu
    @joshhboss That's good!
  • I am dying - HELP - Firewall fuck up

    0 Votes
    13 Posts
    2k Views
    @viragomann said in I am dying - HELP - Firewall fuck up: So you've probably got an asymmetric routing issue. That could be a possibility; @mhank said a couple of posts back that they are running a pfSense HA setup. I would think a bit more information on the HA part could help. That's assuming HA is High Availability. Are there multiple pfSense boxes acting redundantly? Multiple WANs into a single pfSense box?
  • Firewall blocks DHCP request (or respond)..

    0 Votes
    2 Posts
    747 Views
    DHCP uses a broadcast, thus it stays in the same network. Enable the DHCP relay in pfsense. Also, you don't need to create those DHCP rules.
  • Geoip firewall issue - questions

    0 Votes
    10 Posts
    2k Views
    @STEVEITS Looks like pfBlocker was the reason. It was blocking all outbound traffic. It looks like, if I made a change in the NICs, trying to change a 10/100 for a gigabit or back, I would not be able to browse the internet; it looks like if I ran the blocker update things would get corrected, or at least it appeared to work 99% of the time. And now it looks like I have duplicate rules: one set that allows US (auto rule) and one that allows US inverted ( !pfB_NAmerica_v6 ). I assume I can delete one set; I think the inverted rules might be slower to process, assuming that "if not =" is slower to process than "if =". I'll see if I can install pfblocker-dev later. Been a few days of fighting the issue of not browsing; things are working and I want to let the dust settle. Tim
  • Block all ports except some

    0 Votes
    11 Posts
    2k Views
    johnpoz
    @fjmp24 said in Block all ports except some: In my LAN network I have a service which uses the port 8081 This seems to be a common misconception for users new to networking.. pfSense is the router to get off a network, ie the gateway for a device on network A to get to networks other than A. When devices talk to other devices on the same network as them - they don't send that traffic to their gateway, ie the router.. They just send it to the IP on their same network directly via the mac address. You have 192.168.1.a/24 and it wants to talk to 192.168.1.b -- the device knows hey 192.168.1.b is on my network, so it arps, gets back the mac address of 192.168.1.b from 192.168.1.b and then sends the traffic to that mac. pfSense has nothing to do with that traffic. Now when 192.168.1.a wants to talk to say 8.8.8.8 or 192.168.2.x - it knows hey that is not my network.. Let me send that traffic to my router/gateway - they will know how to get there. So it arps for the mac address of its gateway, say 192.168.1.254 or 192.168.1.1, whatever you have set up on your network as the gateway (pfSense IP on that network) and sends the traffic to that mac.. pfSense then says oh you want to go to 8.8.8.8 - let me look in my routing table - oh I'm not attached to that network, let me send it to my gateway (your ISP).. edit: To be complete in the info - so here is my PC's arp table (192.168.9.100) for other IPs it has talked to recently on its own network.. When I ping 192.168.9.10 you see it sends that to the mac address it has for that IP in its arp table.. Now when I ping 8.8.8.8 it sends it to the mac address of the pfSense IP 192.168.9.253, this PC's gateway to get off its 192.168.9/24 network. Hope that helps you understand why pfSense has no say in what devices on the same network do between themselves.
  • Rule ID only in log...

    0 Votes
    2 Posts
    629 Views
    @furom Seems it just takes a while for the logging to stop, but a bit odd that it first removes the description and continues to log with tracking-id only... But works fine (would have deleted, but couldn't)
  • Open for egress traffic to NTP pool?

    0 Votes
    9 Posts
    1k Views
    @bingo600 said in Open for egress traffic to NTP pool?: Unless you have done something "Non standard" on the WAN interface, you do not need to allow anything on the WAN interface in order to sync to NTP Thanks! Looking in settings, it turned out I somehow had only chosen localhost... Adding the LANs to the mix resulted in an active peer! :)
  • pfsense and 2nd router on same network each having individual public ip

    0 Votes
    5 Posts
    929 Views
    @steveits Thank you! It looks like you are correct. I changed the gateway on the host machine to the pfsense IP and it connected. I had thought the host would reply back to the source ip
  • Firewall rule for entire AS (Autonomous System)

    0 Votes
    9 Posts
    3k Views
    Is this "pfblocker but for ASN" how you did it?
  • pfblocker but for ASN

    0 Votes
    5 Posts
    2k Views
    Cancel that, I found it.....
  • Firewall blocks specific IP address.

    0 Votes
    2 Posts
    685 Views
    @eeebbune Possibly the access is blocked by the destination device's firewall?
  • How to NAT incomming traffic for certain source and certain port??

    0 Votes
    13 Posts
    1k Views
    Note that while working on this issue I encountered three further issues: a crash report, strange NAT interface behavior, and an incorrect backup file, probably related to this activity. So, I did open some issues in the development forum, and will wait with further trials until updates and jimp's reaction.
  • loginterface

    0 Votes
    3 Posts
    620 Views
    @nogbadthebad I think you missed my query - it's not "login interface", it's the native pf.conf "set loginterface" component. It defines the interface that pf captures statistical information on. (Statistical data is available via "pfctl -s info")
  • Routing Table Poisoning Prevention

    0 Votes
    7 Posts
    1k Views
    johnpoz
    @peter_apiit I am curious where you're getting such ideas from, to be honest.. Are you binging Mr. Robot or something? More than happy to answer questions - but your notions of your ISP hacking you in all sorts of crazy ways seem a bit over the top.. I could see concerns if, say, you saw a session from one of your machines to some IP out on the internet that you did not know what it was or why. Being curious or worried about it could be justified. But your examples of your concerns - and pointing to your ISP as the one doing it - seem unwarranted, to put it mildly.. Your smart TV ending up on a screen, your monitor not going to sleep, browser pages refreshing.. All of which have way more likely/probable causes than your ISP or anybody or anything hacking you ;) Hacking your routing tables -- when you're not even running any routing protocols. Your posting of your netstat connections showed zero connections to anything. pfSense out of the box would prevent any unsolicited inbound traffic from the ISP or the internet to any of your devices behind pfSense. Unless you specifically opened up traffic with a port forward or allowed (enabled) UPnP, the only traffic that would be allowed is traffic that you initiated from a device behind pfSense. If you want to isolate devices on your network from other devices on your network, this is quite simple to do by creating other networks or VLANs and firewalling between them to only allow the specific traffic that you want to allow. All of my IoT devices are isolated from my other local networks, for example. pfSense would allow you to monitor (log) or even just view the state table for traffic from any of your devices to the internet or between networks pfSense routes between, for your own curiosity or concerns. If you are concerned with devices on the same network talking to each other, you need to look to switching or wireless infrastructure that allows for that. In switching it's normally called private VLAN. In wireless it's called AP isolation or Client Isolation, etc. But so far all of your concerns of "hacking" seem to be completely unwarranted.. That is my professional "expert" opinion with 30 some years of working in networking and infosec..
  • Blocking access to TeamViewer using AD authentication

    0 Votes
    5 Posts
    953 Views
    @cool_corona thanks! This will help a lot!
  • Help on outbound floating rules

    0 Votes
    9 Posts
    2k Views
    @msswift THANK YOU. I have spent two days doubting my sanity and reading comprehension trying to solve a problem. Your clean explanation has removed the confusion. I guess I misread the docs badly. You have helped greatly. Thank you again. It was the portion stating that replies were sent to the WAN's gateway that helped. I was seeing duplicate packets on wan with one packet having internal addresses. Was not making sense (and was holding up the requirement of full egress control even the fw itself). Thanks again.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.