nevermind.. figured out issue and fixed it. unblocked it pfBlockerNg -> GeoIP. Squid has no traffic management configure. Only proxy was setup.

Redmine issue created: https://redmine.pfsense.org/issues/11439

@teamits said in Block External Access to "wp-admin": if there was a WordPress plugin to limit access by IP address Ran across this today (haven't tried): https://wordpress.org/plugins/secure-admin-ip/

@griffo Doh! Oh well, better late than never lol

@hieroglyph Thanks for help, i was able to configure everything, the reason i was using floating rules in the first place is because i saw them being used in some other guide about DoT

@viragomann ABSOLUTELY FANTASTIC! Thank you so much for the help! It worked!! I have been trying and trying but was not successful even with the split DNS prob cause i didn't set it up right but the DNS resolver option worked flawlessly and was easy. Thank you again! Also, I know pfSense doesn't allow all the crappy stuff home routers do and is the primary reason for switching to a pfSense router VM. My network is faster and my internet seems faster also most likely due to the additional resources allocated to the pfSense VM or its just an illusion created by my feeling success in setting everything up. Either way this is done and working and I thank you for the support!

@chpalmer I think I understand now. The fact that the LAN interface is in a different subnet additionally confused me (the device from which the connection is in a different subnet, and I use a transfer station)

@johnpoz said in Need help on weird firewall behavior: https://docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html#anti-spoofing-rules That makes sense. I'll look into the tagging on the AP. Thank you.

Hello, thank you for your post, but mine is not a simple name resolution problem. The problem derives from the fact that if you create an alias table with some records, often pfsense does not solve them (absolutely randomly) and does not write them in its tables, this generates on the one hand a table for example with 10 records and, from the another with 6 records. This is a software problem that does not check between the source and destination tables and does not even report that this discrepancy exists.

It works. Thank you!

@bob-dig : what about blocking everything, no logging. This is the default after all. If 'they' want to test the firewall, see it as a service. Let's say : you pay for it ^^

@jamesadams said in Firewall 10gb: I would like to know if it is possible to make a firewall Hi, Studying these will definitely be a good starting point and help https://calomel.org/freebsd_network_tuning.html https://calomel.org/network_performance.html

@saggittarius said in strange internal ipv6 addresses in LAN network: Hi all, I had a look at the firewall logs and seeing a lot of entries like these ones? What are these ipv6 addresses? Feb 2 10:55:48 LAN Default deny rule IPv6 (1000000105) [fe80::d1b6:7c0f:e7ae:9df8]:5353 [ff02::fb]:5353 UDP Feb 2 10:55:48 LAN Default deny rule IPv6 (1000000105) [fe80::d1b6:7c0f:e7ae:9df8]:52005 [ff02::1:3]:5355 UDP Feb 2 10:55:48 LAN Default deny rule IPv6 (1000000105) [fe80::d1b6:7c0f:e7ae:9df8]:5353 [ff02::fb]:5353 UDP Feb 2 10:55:47 LAN Default deny rule IPv6 (1000000105) [fe80::aa23:feff:fed2:b70e]:5353 [ff02::fb]:5353 UDP Thanks for your help. Regards IPv6 Multicast Link-Local Multicast Name Resolution for the 5355 entries and Multicast DNS for the 5353 entries.

@mrglasspoole Easy. Set fixed ip on the cam Make alias (hosts) for the Cams Block access to Wan for alias Select any protocol Done They are now not allowed to Wan Can still be accessed via VPN

@cool_corona I have tried that it's not working. I even tried adding a static route on both Mikrotiks but nothing is working. On both branches when I remove the Mikrotiks emails are flowing through Green Packet. The reason for putting the MIkrotiks is for firewalling and VPN configuration which I haven't done yet.

@kiokoman I'd also ask if the OP has Squid installed and configures with SSL inspection enabled, this will block HTTPS without the client device using a certificate

@theskelly said in OVPNS1 + LAN->WAN Blocked Firewall Rules: However, the one outstanding question I still have on this is: if it wasn't added as an interface in it's own right to begin with, how could the firewall be blocking on it? I do not know the answer to that question. My best guess; it is a rule pfsense automatically generates. Maybe as a safe guard when an interface is not created yet...???