Thanks guys. Ticket resolved.

@eb-0 It depends on what you are trying to block. There are lots of lists. The pfBlocker package contains many blocklists. The Squid package makes reference to the Shallalist.

@viragomann oh right, thanks :)

@raulchiarella I can definitely believe it. Another guy had a cable problem here (sendto: errors IIRC) just a few days ago. It's more common than you think.

I'm an idiot, turns out it was a known bug which has since been patched in 2.6, I have states showing now...

@jimp Great ! I will wait then, thank you for reaching out to me ;)

@themac You can find some turorials in the web. E.g. https://docs.deeztek.com/books/pfsense/page/pfsense-haproxy-softether-vpn There are also some videos available on YT. Do a search. I did my first view steps with HAproxy for now, so I can't tell you much. Since the proxy has to respond to HTTPS request, you will also have to install the certs on pfSense or the ACME packet if you use Let's Encrypt. There is a proxy section in this forum to ask specific questions: https://forum.netgate.com/category/52/cache-proxy

@thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1: I've kept 8443 because There are 'only' 65535 ports. Portscanner will find your 8443 quickly. I guess it's possible, by looking at the return packets - and the presented GUI login page ;) , the attacker can know upfront that he deals with pfSense. So the login is 'admin'. Leave open the last hurdle : the password. Now enter the dictionary attack .... Btw : Your 8443 is close to 443 which somewhat (might) explain : @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1: decided to block port 443 for "security reasons," Hosting 'servers' yourself, like web servers can create situations where the clients, who hosts a site, starts sharing info that creates "issues". The responsibility of the ISP could be engaged. I understand why you want to use '443' as this port will be the last one being blocked from any location. OpenVPN uses UDP, a web server uses TCP, even UDP is blocked ? @thisisbenwoo said in Logs not showing any requests on port 80 or 443 since upgrading to 2.5.1: Is there a way of turning on logging this? The default firewall blocking rule ? For 'educational reasons', yes, of course. Goto Status> System Logs > Settings and check "Log firewall default blocks".

After another round of extensive troubleshooting, it turned out that everything I had done on the pfSense side was correct all along. The 1:1 NAT with static Outbound NAT rules were working perfectly fine. One thing I did not mention in my initial post, was the fact that I am also using DNS Resolver in my DMZ. This is done so that any softphone clients using my guest WiFi network, will be able to resolve the IP address of my PBX to the internal IP, rather than the external. While the PBX itself was configured with static IP address and using public name servers, it would somehow still resolve the PBX name to the internal IP, rather than the public IP. I don't know if there is a bug in the OS where FreePBX is running on, or a configuration error or something else. This is still a mystery to me, which I am trying to figure out.

@joepuff said in Rule to block all allow only netflix for 1 single static LAN IP: Netflix also uses 3rd-party CDNs from what I understand, so your task is certainly not going to be easy. I am not really clear on how that goes from a text formatted list to a "rule via an alias that contains all of those IP's" Firewall - Aliases - Import Create your alias and then use it as the destination of a block rule.

@randolf said in Pfsense connection timeout vr2.4.4-RELEASE-p3 (amd64): Hello guys, I need some assistance coz this is the first time that I will handle Pfsense and our company encountered connection time-out in downloading file and to our Email server and I tried troubleshooting outside the firewall and things are fine but when I'm inside the problem occur and when I try to check our speed connection in speedtest "A socket error occurred during the download test. A firewall could be blocking the connection or the server might be having some issues. Please try again later." ([image: 1619424947928-untitled.png] image url)

All open states are killed after rule's schedule expiration (ver. 21.02.2) but you have to pay attention to the correct setting: the option "Do not kill connections when schedule expires" under System/Advanced/Miscellaneous/Schedule must be disabled states are killed after the expiration only if schedule is set to a pass rule (a block rule works but old states are left open after expiration) and there are no other rules which would allow connections after the rule's expiration (you can use "invert match" checkbox in others) states are killed only if minutes are aligned to 0-15-30-45 (in the GUI enforced by the dropdown anyway) you can test if states have been killed correctly only after the mentioned intervals (there seems to be an internal cron job which does the killing at the intervals)

@robmarchetti said in unexpected outbound traffic blockage: pfsense drops out of state traffic by default We normally uncheck the "Log packets matched from the default block rules in the ruleset" log option, since there can be a lot, and just turn that on if debugging new rules.

@dparring said in Block Private Networks From Leaving PFSense: @johnpoz: Well if the rule is written as dest 192.168.100.1 even if seen as inbound rule to your firewall/nework on the wan interface.  There is nothing listening on 192.168.100.1 on your firewall, or for sure there shouldn't be if your modem is using that IP. I'm not really sure why a direction any rule would work and an out rule would not.  Specifically I tested with this: Floating rule Pass Quick on Interface WAN Direction any (out didn't work) IPv4 Protocol any Source any Destination single host 192.168.100.1 DP I just posted a question before finding this thread. Sorry to make it live again after 5 years, but this part was not fixed. I found this fix to use only an "out" direction, and not "any" to allow access to the Modem cable [image: 1620980098414-floating-modem-resized.png] The rule works properly that way. I need however to allow it on both WAN and the VLAN interface providing internet access because the Transit VLAN (internet only) has a rule to only allow traffic to non local interfaces. The source must be WAN address. In my setup, I do not need the floating rule because the control is done on the local interfaces since only one can allow internet access. But just added it for testing the "out" only method Is it safe to go with it to follow the guide recommendation while allowing access to the modem ? Thank you

@kom , thank you for the tip! i will try that out and see if it works :) !

@pulsartiger Set your block rule to log (it's in the Extra Options section of your block rule) and then all blocks will be logged. The views are kind of limited so if you need more granularity or history then you might need a syslog server or something else more complicated.

@steveits Hi, problem resolved. The test pfsense run in vmware player and windows 10 test vm has only Internet Explorer. After installing Firefox adding tehe FQDN Alias was no problem. Thanks a lot, sincerely Roman

@johnpoz Thank you. I was searching for an interface specific rule. Now I see them too