• Netgate SG-3100 Blocking?
    4 Posts · 724 Views · 0 Votes
    @skiteer747 Packet captures everywhere are your best friend (and you've already done that). I'm guessing that the port is an SSL connection (makes a lot of sense), and if you see no traffic from either side to/from that port, that's the clue.
• Multicast DNS to interface address instead of 224.0.0.251
    1 Post · 341 Views · 0 Votes
    No one has replied
• Block subnet without firewall
    8 Posts · 996 Views · 0 Votes
    johnpoz: @ihatenetgear Even though it doesn't work for much, it makes me feel better ;) And someone or some AI is going through the commands sent, and if they hear enough STFU from people maybe they will get the idea that people don't like whatever that was ;)
• 34 Posts · 6k Views · 0 Votes
    Very thankful for this discussion. It provided a much greater understanding of many things, and overall. For those reading: as to this specific issue, one that I saw many posts about, this solution I have not seen: I just found this under Logs --> Firewall --> Settings. I tested it and it worked for the noise. I just don't know if I will be losing any other important logging with it. Looking at the default block rules I do not think so, but I'm not sure. [image: 1632842562916-screen-shot-2021-09-28-at-08.20.10.png]
• 1 Post · 628 Views · 0 Votes
    No one has replied
• Help streaming providers
    1 Post · 285 Views · 0 Votes
    No one has replied
• Time logs format add +02
    time logs issue
    7 Posts · 1k Views · 0 Votes
    @renemg Glad things are working as desired. I too noticed that it took a few minutes before I started getting the logs to output in the format you were seeing. It just depends on the number of times things hit your firewall rules. Happy packet pushing!
• Want to block, but not log, broadcasts from WAN to 255.255.255.255:x
    3 Posts · 528 Views · 0 Votes
    @steveits I have the per-rule setting "Log packets that are handled by this rule" disabled for the rule that supposedly blocks packets with destination 255.255.255.255 from any on the interface. If I turn off "Log packets matched from the default block rules in the ruleset," the undesired logging does stop, but so does everything else I want to see. If I turn on that setting, the unwanted packets start logging again. Thanks, Dave
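    The two log-noise threads above (the one that found the "Log packets matched from the default block rules" setting and this one) both come down to the same pf mechanism, so here is an added illustration in plain pf.conf syntax. It is not the ruleset pfSense generates (pfSense writes its own to /tmp/rules.debug), and the interface name is an assumption. The point is that a matching quick rule ends evaluation: an unlogged quick block placed before the logged catch-all suppresses only the traffic it names, whereas disabling logging on the default block rules suppresses everything that reaches them.

```pf
# Added example in plain pf.conf syntax; the interface name is an assumption.
wan_if = "igb0"

# 1. Match the known noise first, with no "log" keyword. "quick" stops rule
#    evaluation here, so the logged catch-all below never sees these packets.
block in quick on $wan_if inet from any to 255.255.255.255

# 2. Everything else that falls through is still logged. This is the logging
#    that turning off "Log packets matched from the default block rules"
#    would discard along with the noise.
block in log quick on $wan_if inet all
```

    To confirm which rule actually produced a log line, compare the first field of the filterlog entry (the pf rule number) with the numbered rule list from `pfctl -vvsr`, which also shows per-rule evaluation and packet counters. If the number belongs to a rule other than the one you unlogged, that other rule is matching first and is the one to adjust.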
• ESP flood crashing firewall.
    5 Posts · 898 Views · 0 Votes
    Cool_Corona: @nnelson2048 It's a vulnerability in PF and it has been addressed before. Rules -> Advanced settings and [image: 1632511680461-a1d34b83-a9cd-461a-aacb-9c48210943a1-billede.png] Try to run SYN Proxy on the rule and see if it helps. And try to limit the number of connections per host/IP.
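    The settings the reply points at are pf per-rule state options, which pfSense exposes under a rule's Advanced Options. As an added example (plain pf.conf syntax, not pfSense's generated rules; interface name, port and thresholds are assumptions), here is how they read, together with the caveat a practitioner would want: synproxy and the max-src-conn limits act on TCP handshakes only, so for a non-TCP protocol such as ESP the per-source limit that does apply is max-src-states.

```pf
# Added example in plain pf.conf syntax; interface, port and limits are assumptions.
wan_if = "igb0"

# Table that collects sources which exceed the TCP limits below.
table <flooders> persist

# Drop anything from an already-flagged source first (quick: first match wins).
block in quick on $wan_if from <flooders> to any

# TCP service: the firewall completes the three-way handshake itself (synproxy)
# and only then creates state. max-src-conn caps completed connections per
# source address, max-src-conn-rate caps new ones at 15 per 5 seconds;
# offenders are added to <flooders> and their existing states are flushed.
pass in quick on $wan_if proto tcp from any to ($wan_if) port 443 \
    flags S/SA synproxy state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <flooders> flush global)

# ESP (IP protocol 50) has no handshake, so synproxy and max-src-conn do not
# apply. max-src-states limits how many state entries one source address may
# hold on this rule; once reached, further ESP states from it are not created.
pass in quick on $wan_if proto esp from any to ($wan_if) keep state \
    (max-src-states 5)
```

    Flagged sources can be inspected with `pfctl -t flooders -T show` and cleared with `pfctl -t flooders -T flush`.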
• Weird problem accessing Zenphoto site
    1 Post · 197 Views · 0 Votes
    No one has replied
• Disable all packet filtering interface locking
    7 Posts · 1k Views · 0 Votes
    johnpoz: If your WAN connection is coming in on a VLAN, then yeah, you would set up the pfSense WAN to use that VLAN. But if this other /27 is on some other VLAN, then it's not actually routed, it is directly attached. Or, sure, you can run the "LAN" side network on any VLAN you want to run through your switching infrastructure.
• Configuring a 3rd ISP WAN Interface to another LAN Interface.
    6 Posts · 999 Views · 0 Votes
    @amk Glad that you got it working finally.
• Bogons and CGNAT
    1 Post · 412 Views · 0 Votes
    No one has replied
• understanding the firewall default rules
    2 Posts · 580 Views · 0 Votes
    @bitfrost Nothing is secretly added or changed on pfSense. RTFM. You can find everything you have to know there. By default pfSense provides a firewall rule on the LAN which allows access from the LAN subnet to anywhere. This rule is meant for quickly getting it up. It's on you to remove or modify it and restrict source or destination IPs or ports, or state a specific protocol. On all other interfaces there is no default pass rule, so to get any access you have to add rules yourself. You can add aliases for IPs, ports or networks and use them in firewall rules afterwards.
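    As an added example of what the reply describes (plain pf.conf syntax, not the rules pfSense generates; interface, subnet, server addresses and ports are assumptions): the shipped allow-all on LAN beside a restricted replacement built from aliases, which in pf terms are tables and macros. One caveat: pfSense also keeps an anti-lockout rule for the web GUI on LAN, so if you drop the allow-all, make sure management access is still covered by a rule of your own.

```pf
# Added example in plain pf.conf syntax; all names and addresses are assumptions.
lan_if  = "igb1"
lan_net = "192.168.1.0/24"

# Aliases: a table for a host list, a macro for a port list.
table <internal_web> { 10.10.0.10, 10.10.0.11 }
web_ports = "{ 80, 443 }"

# What the shipped "allow LAN to any" rule amounts to. It is left commented
# out here because it is the rule the reply says to remove or tighten.
# pass in quick on $lan_if inet from $lan_net to any keep state

# Tightened replacement: name the protocols, destinations and ports that are
# actually needed, then log whatever else the LAN tries so the gaps show up
# in the firewall log instead of silently passing.
pass in quick on $lan_if inet proto { tcp udp } from $lan_net to ($lan_if) port 53 keep state
pass in quick on $lan_if inet proto udp from $lan_net to ($lan_if) port 123 keep state
pass in quick on $lan_if inet proto tcp from $lan_net to <internal_web> port $web_ports keep state
block in log quick on $lan_if inet from $lan_net to any
```

    The trailing logged block is the same behaviour the reply describes for every non-LAN interface: with no pass rule matching, traffic is denied, and only rules you add let anything through.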
• Policy based routing with 2.5.x not working (works in 2.4.5.1)
    10 Posts · 1k Views · 0 Votes
    In order to recreate the original behaviour (of having "Skip rules when gateway is down" checked) I set up a floating rule as described here.
• mDNS stops working with selective routing
    Moved
    4 Posts · 619 Views · 0 Votes
    johnpoz: @phr0zent Glad you got it sorted. Moved this to General Firewall, since this is more of a basic firewall issue. It could maybe be in the Routing section, but this is better than the Switching/VLAN section.
• Block access to LAN from any other network
    10 Posts · 1k Views · 0 Votes
    @bambos said in Block access to LAN from any other network:
        "what is the correct thinking here?"
    What makes the most sense to you? You can create a "floating" rule that applies to traffic going out of an interface (Firewall -> Rules -> Floating). When you add a rule there's a drop-down menu for Direction where you can specify "out".
• Remote Desktop, port forwarding, & Comcast, Oh my
    5 Posts · 981 Views · 0 Votes
    JKnott: @accidentalit said in Remote Desktop, port forwarding, & Comcast, Oh my:
        "Turns out that Comcast, in their infinite annoyance, changed our static ip without telling us."
    You might want to see if your host name is consistent. I'm on Rogers and I have a host name that's based on the modem and router MAC addresses, so it changes only when I change hardware, even if the IP address changes. Still, the IP changes so seldom that it's virtually static.
• 4 Posts · 752 Views · 0 Votes
    @dumdedumda When you add a rule with protocol ICMP, under Subtypes there is "Any" or various other subtypes.
• SIP Invite seems to be dropped between WAN and LAN
    1 Post · 175 Views · 0 Votes
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.