Unable to pass traffic after removing egress filtering
-
Hello,
I noticed that after removing some LAN outgoing firewall rules and creating an any/any rule:
- LAN net * * * * none
the firewall did not allow any traffic to pass outward from the LAN, and nothing was logged as being blocked. After restoring to factory default, everything worked again. I tried this with both versions 2.0.1 and 2.0.2.
Has anyone else noticed this?
Thanks,
Todd
-
Well, if you can reproduce it, others can help you look into the issue. Do you have any floating rules?
Ideally you'd need to provide the contents of
/tmp/rules.debug
and do some packet captures. -
I wonder if this could have been the same issue as:
'pf blocks all traffic following filter reload' http://redmine.pfsense.org/issues/1493
I was just making some config changes now (firewall/aliases/openvpn) and noticed that my open states kept getting cleared after applying them.
Todd
-
I was just making some config changes now (firewall/aliases/openvpn) and noticed that my open states kept getting cleared after applying them.
That's what happens when your gateway status is down. States will get killed on every filter reload. Either fix the gateway monitoring, or disable the state killing under System>Advanced.
-
You're absolutely right, I didn't realize my TimeWarner gateway is not pingable, and so it was marked as offline.
When I looked in the System Log, nothing was mentioned about this being down (nothing logged either when I fixed the Gateway Monitoring and it was marked as up).
I'm guessing this was the cause of my blocked traffic also.