Pinging WAN interface
-
I have an odd one to me here. For testing, I temporarily created a WAN rule to allow the pinging of the WAN interface from any external device. Once the rule was enabled, the external computer could still successfully ping the WAN interface. I enabled logging for the rule, and could see the successful ICMP entries populate the log. After doing what I needed to do, I disabled the rule and verified that I clicked 'Apply Changes' after editing. The odd thing was, the computer could still successfully ping the WAN IP. I then deleted the rule, but the pinging continued.
I looked in the logs on the firewall, and the successful ICMP entries had stopped. I had been running Wireshark on the pinging computer and there were no differences between entries from before the rule was disabled/deleted until after.
I then created a 'Deny' rule for ICMP with logging enabled on the WAN interface, but the pings continued. And still the logs showed nothing regarding ICMP.
I then rebooted the firewall and that took care of the issue.
Any ideas where I should be looking to see why disabling/deleting the ICMP rule still allowed pinging on the WAN interface?
Thanks for any help!
pfSense 2.3.4-1
Watchguard X550e -
Disabling/deleting the rule did not kill the state which was created when the rule was first triggered.
Your reboot obviously killed the state as would have a: Diagnostics / States / Reset States in the UI.
Or simply a timeout. -
The Reset States did the trick. Thanks for your help!
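
A narrower alternative to resetting every state, as an added example that is not part of the original thread: list the inbound ICMP states that outlived the rule and build one targeted `pfctl -k` command per remote host. The sample `pfctl -ss` lines, interface names and addresses are constructed, and the state line layout is assumed to match the sample.

```shell
#!/bin/sh
# Constructed sample of `pfctl -ss` output (documentation address ranges).
# On the firewall itself, pipe the real `pfctl -ss` output in instead.
sample_states() {
cat <<'EOF'
em0 icmp 203.0.113.10:4321 <- 198.51.100.25:4321       0:0
em0 tcp 203.0.113.10:443 <- 198.51.100.25:51514       ESTABLISHED:ESTABLISHED
em0 icmp 203.0.113.10:977 <- 192.0.2.77:977       0:0
em1 icmp 10.0.0.5:12 -> 203.0.113.10:12       0:0
em0 udp 203.0.113.10:33012 -> 192.0.2.53:53       MULTIPLE:SINGLE
EOF
}

# Print each remote host that holds an inbound ICMP state to the WAN
# address given as $1. Reads state lines on stdin. IPv4 only: the
# address is split from the ICMP id at the ":".
icmp_state_sources() {
    awk -v wan="$1" '
        $2 == "icmp" && $4 == "<-" {
            split($3, l, ":"); split($5, r, ":")
            if (l[1] == wan && !seen[r[1]]++) print r[1]
        }'
}

# Emit (do not run) one kill command per source host.
# `pfctl -k SRC -k DST` removes every state from SRC to DST, not only
# ICMP, so other sessions between the same pair are dropped as well.
kill_commands() {
    icmp_state_sources "$1" | while read -r src; do
        printf 'pfctl -k %s -k %s\n' "$src" "$1"
    done
}

# Dry run against the constructed sample; 203.0.113.10 stands in for the WAN IP.
sample_states | kill_commands 203.0.113.10
```

Once the states are gone, the next echo request is evaluated against the current ruleset, which is when a deleted pass rule or a new deny rule (and its logging) takes effect.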