pfSense blocking all DNS
-
This seems absurdly basic, but my firewall is hobbling my network by blocking all DNS.
Firewall rules are set up for all relevant interfaces (the first rules).
But the firewall is blocking all DNS on all interfaces using the default deny rule.
I can't figure out what's going on.
Any help would be appreciated.
-
This was not the solution.
Navigate to System > Advanced > System Tunables. Find these two settings and adjust their values:
net.link.bridge.pfil_member: Set its value to 0 to disable filtering on member interfaces.
net.link.bridge.pfil_bridge: Set its value to 1 to enable filtering on the bridge interface itself.
-
NSlookup on the server succeeds instantly.
It fails at clients.
-
I found a problem experimenting with rules on the bridged interface.
It seems the HOMEBRIDGE_subnets network alias does not work when creating rules. Applying rules to this appears to have no effect. Using any/* does work.
I'm new to pfSense, but this looks like a bug.
-
Something else.
The logs are showing an entry from the LAN interface, which is a member of the HomeBridge bridged interface. Is this normal? Shouldn't the log show the traffic coming from the Bridge, not the LAN interface?
Firewall Log showing entries for both LAN & HomeBridge interfaces.
Bridge Definition
The IP address is assigned on the Bridge Config page.
Also, I have IPv6 turned off. Why are these logs showing this traffic?
-
The firewall is simply unstable.
Integrated network aliases don't function.
The firewall simply doesn't work.
Rules to allow all on specific ports appear to be the only type of rule that works consistently. Attempting to narrow the 'allow' to specific IP addresses or networks fails. User-defined and system-defined interface-related aliases don't function. This forum is not a good use of my time.
I assume the silence is simply bait to get people to switch to paid support.
-
@DouggaDit allow UDP in addition to TCP
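As an added illustration (not from any poster in this thread), the script below reads pfSense filterlog lines, counts port-53 records per interface, transport and action, and flags interfaces where one DNS transport is blocked while the other passes. The field layout is pfSense's filterlog CSV format; the log lines and the interface names em0 and bridge0 are constructed assumptions, including the same packet appearing on both the member and the bridge interface as described above.

```python
"""Summarise pfSense filterlog lines that touch DNS (port 53), grouped by
interface, transport and action.  Field layout follows pfSense's filterlog
CSV format; the sample lines below are constructed for this example."""
from collections import Counter

# Constructed sample (syslog prefix removed).  IPv4 field order:
# rulenr,subrulenr,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,
# id,offset,flags,proto_id,proto,length,src,dst,sport,dport,datalen[,tcp...]
SAMPLE_LOG = """\
5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,17,udp,60,192.168.1.20,192.168.1.1,51234,53,40
5,,,1000000103,bridge0,match,block,in,4,0x0,,64,0,0,DF,17,udp,60,192.168.1.20,192.168.1.1,51234,53,40
12,,,1000000201,bridge0,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.20,192.168.1.1,43210,53,0,S,1,,65535,,mss
5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,17,udp,60,192.168.1.21,192.168.1.1,49152,53,40
"""

def parse_line(line):
    """Return the fields this check needs, or None for non-IPv4/non-TCP/UDP records."""
    f = line.split(",")
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"iface": f[4], "action": f[6], "proto": f[16],
            "src": f[18], "dst": f[19], "sport": int(f[20]), "dport": int(f[21])}

def dns_summary(text):
    """Count port-53 records as {(iface, proto, action): n}."""
    c = Counter()
    for line in text.splitlines():
        r = parse_line(line)
        if r and r["dport"] == 53:
            c[(r["iface"], r["proto"], r["action"])] += 1
    return c

def dns_transport_gap(text):
    """Interfaces where one DNS transport is blocked while the other passes;
    this asymmetry is what a TCP-only DNS allow rule produces."""
    c = dns_summary(text)
    gaps = set()
    for (iface, proto, action) in c:
        other = "tcp" if proto == "udp" else "udp"
        if action == "block" and c.get((iface, other, "pass")):
            gaps.add((iface, proto))
    return gaps

if __name__ == "__main__":
    for key, n in sorted(dns_summary(SAMPLE_LOG).items()):
        print(key, n)
    print("blocked while the other transport passes:", dns_transport_gap(SAMPLE_LOG))
```

Run it against `clog /var/log/filter.log` output with the syslog prefix stripped; a member interface showing the same blocks as the bridge is what the pfil_member tunable controls.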
-
Nice catch.
Thanks!