Block rules don't work at all
-
Hello,
I'm trying to get a speed limiter set up per this post, but I am having trouble getting it to work. As a first step, I tried configuring the firewall to block ALL traffic to 192.168.10.24, but I can't even get that working; the device at that IP still streams video flawlessly.
I created a Firewall rule under WAN to BLOCK ANY traffic with the destination IP 192.168.10.24 (screenshot attached). Why isn't this working?
Thank you!
-
You need to show your LAN firewall rules..
Firewall rules work fine when configured correctly. Remember that rules are from the top down. So if a rule that allows everything is above a rule that blocks, the block rule will never work.
-
Here are my LAN rules.
-
Your anti lockout rule at the top trumps the block rule below it.
-
I disabled that, and traffic is still going to 192.168.10.24 just fine. Attached new screenshot with anti-lockout disabled.
-
Did you kill your states after disabling that rule?
-
I'm trying to get a speed limiter set up per this post, but I am having trouble getting it to work. As a first step, I tried configuring the firewall to block ALL traffic to 192.168.10.24, but I can't even get that working; the device at that IP still streams video flawlessly.
What, exactly, is your LAN network IP address/netmask?
What, exactly, is the traffic you are trying to block?
Please be complete and specific.
-
@chpalmer:
I did this under Diagnostics > States > Reset States, then checked the box that says "Reset the firewall state table" and hit reset. The browser seems to hang after doing that, and so I refresh the page to get back to the web GUI. Once I get back in, all of the 192.168.10.24 connections re-establish themselves, despite the above firewall rules in place. Even if I filter for 192.168.10.24 and kill all the states that match this filter, they all come back after a few seconds. I've attached a screenshot of the states page.
My pfSense router is located at 192.168.10.1. I believe the netmask is /24 (as defined in Interfaces > LAN > Static IPv4 Configuration).
I have a wireless AP at 192.168.10.2, which operates in AP mode.
I have a wireless client (a Roku device) at 192.168.10.24. This is connected through the AP.
I want to implement speed limiters to limit the bandwidth video streaming devices on my network can consume per this post, but I was having trouble getting it to work. In order to test the firewall rules, I decided to BLOCK ALL traffic to a specific device (the Roku at 192.168.10.24), so I would at least know that the firewall rule was working correctly. Traffic is getting through just fine to 192.168.10.24, which means that something is wrong with my configuration.
-
You cannot block traffic TO a device using the rules on the interface it is connected to.
You block connections FROM that device on that interface.
Place a rule on LAN at the top for traffic sourced from 192.168.10.24/32. Place the desired limiters on that rule. In/Out are Upload/Download, respectively.
https://doc.pfsense.org/index.php/Firewall_Rule_Basics
https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting
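The behaviour described in this answer, as an added example that is not part of the original thread and is not pfSense code: a simplified Python model in which rules are checked only on the interface a packet enters, top-down with first match winning, and a passed connection creates a state that covers its replies. The `Firewall` class, the helper names and the server address 203.0.113.10 are assumptions made for illustration, and NAT is ignored.

```python
from ipaddress import ip_address, ip_network

# Simplified model (an assumption, not pfSense code): rules are checked only on
# the interface where a packet ENTERS the firewall, top-down, first match wins;
# a passed connection creates a state that covers its replies. NAT is ignored.
ROKU, SERVER, ANY = "192.168.10.24", "203.0.113.10", "0.0.0.0/0"  # SERVER is constructed

class Firewall:
    def __init__(self, rules):
        self.rules = rules      # {iface: [(action, src_net, dst_net), ...]}
        self.states = set()     # (initiator, responder) pairs of passed connections

    def packet(self, iface, src, dst):
        """Verdict for one packet arriving on iface from src to dst."""
        if (src, dst) in self.states or (dst, src) in self.states:
            return "pass"       # existing state: the rule list is not consulted
        for action, src_net, dst_net in self.rules.get(iface, []):
            if ip_address(src) in ip_network(src_net) and ip_address(dst) in ip_network(dst_net):
                if action == "pass":
                    self.states.add((src, dst))
                return action
        return "block"          # default deny

def stream(fw):
    """Roku opens a connection (enters on LAN); the server answers (enters on WAN)."""
    return fw.packet("lan", ROKU, SERVER), fw.packet("wan", SERVER, ROKU)

def wan_block_to_roku():        # the original attempt: rule on WAN, destination = Roku
    return stream(Firewall({"wan": [("block", ANY, ROKU)], "lan": [("pass", ANY, ANY)]}))

def lan_block_to_roku():        # rule on LAN with destination = Roku (what the answer rules out)
    return stream(Firewall({"lan": [("block", ANY, ROKU), ("pass", ANY, ANY)]}))

def lan_block_from_roku():      # the fix: rule at the top of LAN, source = Roku
    return stream(Firewall({"lan": [("block", ROKU, ANY), ("pass", ANY, ANY)]}))

def stale_state():              # block rule added while a connection is already open
    fw = Firewall({"lan": [("pass", ANY, ANY)]})
    stream(fw)
    fw.rules["lan"].insert(0, ("block", ROKU, ANY))
    before = stream(fw)
    fw.states.clear()           # stands in for resetting the state table
    return before, stream(fw)

if __name__ == "__main__":
    for case in (wan_block_to_roku, lan_block_to_roku, lan_block_from_roku, stale_state):
        print(case.__name__, case())
```

The last case shows why a correct block rule can appear to do nothing until the existing states for the device are cleared.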
-
You cannot block traffic TO a device using the rules on the interface it is connected to.
You block connections FROM that device on that interface.
Yikes.. I missed that little error in his rules..
-
Thank you, this worked!