UDP firewall rule being skipped
-
@Ryuu-0 Imagine the default deny rule as being under your rule list. PfSense rules are processed top to bottom, so...
-
@Ryuu-0 You said that this failed:
-
@Ryuu-0 That is what you need:
-
@NightlyShark Sorry, that's not what I said. My screenshot is, unfortunately, missing the "Action: Pass" field. But that's what I tried and what's failing (pasting again for convenience)
-
@Ryuu-0 What rule drops those packets? Can you see in the logs?
-
@NightlyShark Yeah. It's being blocked by the default rule:
-
@Ryuu-0 Do you by any chance have the IPsec profile setup as an interface? Because then all rules at the IPsecServerXYZ tab take precedence over the general IPsec tab (for all IPsec connections/profiles), including the default deny one.
-
@NightlyShark Yeah, it's set up as a Virtual Tunnel Interface.
I'll take a quick look at those settings. -
@Ryuu-0 Then you need to create an interface and set the rules on that tab.
-
@Ryuu-0 I just checked, there are no extra tabs, in Firewall Rules, for the IPsec interfaces.
The only tab is the general IPsec tab -
@Ryuu-0 What is the destination address for the packets, PfSense?
-
Does anyone else have an insight as to what's going wrong?
Something I didn't make clear is that there are no UDP rules other than the one I'm trying to add, i.e. it's not a case of traffic being blocked by a different rule; I in fact don't have any block rules, only pass and rely on the default rule to block any traffic which doesn't match a pass rule
