Firewall rules not working for IPsec
-
I'm using pfBlocker to create an IP table of the AS3320 (Deutsche Telekom) IP range. I'm doing this to only allow connections from this network. It is working flawlessly on my pfSense+ but not on my pfSense CE.
I'm seeing multiple connections in my IPsec log from IP addresses that are not within AS3320. There is no additional allow rule for the WAN interface. Also, the IP addresses (networks) are updated without any problem and I can see them in the Alias.
I'm running pfSense 2.8.1.
pfBlocker:

WAN Interface rules:

IPsec Log:

-
@mrsunfire said in Firewall rules not working for IPsec:
AS3320
For me, 87.236.176.168 - probably British - isn't in AS3320.
Nothing on the Firewall floating page ?
You've reset all existing states ?
-
@Gertjan Exactly, it is not within the allowed IP addresses, which is why I'm confused. There are no floating rules, etc. It's a pretty out-of-the-box configuration. I don't know where to start troubleshooting. Additionally, I don't see this IP address in the firewall logs, even though logging is enabled.
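As an added example (not part of this thread, and not pfSense or pfBlockerNG code): a small Python script that checks the peer addresses seen in the IPsec log against the networks in the pfBlocker alias, so you can list which peers fall outside the AS3320 list. The alias format (one network per line), the charon log line format, and all sample prefixes and addresses are assumptions constructed for illustration.

```python
"""Cross-check IPsec peer addresses against a pfBlocker-style alias list.

Added example, not pfSense/pfBlockerNG code. Assumes the alias export is one
network per line ('#' comments allowed) and that peers appear in charon lines
of the form 'received packet: from <addr>[<port>] to ...'. All data below is
constructed; the prefixes are placeholders, not the real AS3320 list.
"""
import ipaddress
import re
from typing import Iterable

# Constructed alias content standing in for the AS3320 alias.
ALIAS_TEXT = """\
# pfBlocker alias: AS3320 (constructed sample)
80.128.0.0/11
87.128.0.0/10
2003::/19
"""

# Constructed charon-style IPsec log lines.
LOG_LINES = [
    "charon[1234]: 05[NET] received packet: from 87.136.10.20[500] to 203.0.113.5[500] (464 bytes)",
    "charon[1234]: 07[NET] received packet: from 87.236.176.168[500] to 203.0.113.5[500] (604 bytes)",
    "charon[1234]: 09[NET] received packet: from 2003:1::1[4500] to 2001:db8::5[4500] (300 bytes)",
]

# Captures the remote address, IPv4 or IPv6, before the bracketed port.
PEER_RE = re.compile(r"received packet: from (\S+?)\[\d+\]")


def load_networks(text: str) -> list:
    """Parse alias text into network objects, skipping blanks and comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def peers_from_logs(lines: Iterable[str]) -> list:
    """Extract remote peer addresses from IKE 'received packet' log lines."""
    return [m.group(1) for line in lines if (m := PEER_RE.search(line))]


def not_in_alias(peers: Iterable[str], nets: list) -> list:
    """Peers covered by no alias network: they reached IPsec without matching
    the pfBlocker rule, so some other WAN rule must have admitted them."""
    return [p for p in peers if not any(ipaddress.ip_address(p) in n for n in nets)]


if __name__ == "__main__":
    for peer in not_in_alias(peers_from_logs(LOG_LINES), load_networks(ALIAS_TEXT)):
        print(f"{peer} is outside the alias; check which WAN rule allowed it")
```

With the constructed data, only 87.236.176.168 is reported, matching the observation above that this address is not in the list.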
-
Do you have control over this "87.236.176.168" ?
What happens when you remove rule "4" and/or "6" ?
When both are removed, your WAN should block all incoming traffic.
-
@Gertjan If I remove them, it's blocked. It has something to do with the AS list. But only on the CE version. I'm using the exact same config on my Netgate 6100 and there it's working flawlessly.
-
@mrsunfire In System > Advanced > Firewall is "Disable Auto-added VPN rules" checked or unchecked?