Netgate Discussion Forum
    Tag: firewall rules
    • Thoughts on my firewall rules and a few questions
      Firewalling • ping failure firewall rules vlans sg-2100 • Johan 2
      0 Votes • 6 Posts • 90 Views

      @johan-2 Ah. Not using pfSense as the gateway, then. :)

    • Netgate Hardware MVNETA1 LAN Firewall Rules
      Firewalling • netgate firewall rules vlans vlan to lan lan to vlan • rennit
      0 Votes • 12 Posts • 430 Views

      @rennit I guess? With VLANs AFAIK there are two ways to get the VLAN assigned. Either something assigns it (AP, switch) or the device's network config has a VLAN. With the latter, someone with knowledge can change, add, or remove the VLAN tag. If the switch allows the new-VLAN packet on that port then it gets passed on. Normally that's blocked by a managed switch, but generally unmanaged gigabit switches will pass packets without regard for VLAN.

      Otherwise something would need to be removing the tag from the packets, in order to cross over to another VLAN.

    • Pfsense Firewall Rules and VPN connection
      Firewalling • pfsense+ firewall rules firewall portforward nat • jjosuemp07
      0 Votes • 3 Posts • 349 Views

      @viragomann
      that did work, anything else I can try?

    • GeoIP shows country as unknown
      pfBlockerNG • pfblockerng geolocation firewall rules • yquirion
      0 Votes • 14 Posts • 398 Views

      @yquirion I was surprised as well and was hoping it did not change my configuration which it did not. I was not aware about querying the database so I learned a very nice thing from you as well.

    • Block access to web GUI through external IP from guest net
      Firewalling • block firewall rules multi-lan multi-wan web gui • a_nice_fella
      0 Votes • 8 Posts • 200 Views

      @viragomann & @Gertjan

      Thanks for your help!

      Managed to solve it with a floating firewall rule! I only tried to block it from the interface that I thought the traffic originated from first. But now I tried to add a floating rule that blocked the traffic from all interfaces that shouldn't have access to it, and it worked!

    • Firewall - basic rules.
      Polish • pfsense 2.6.0 firewall firewall rules • SKiL
      0 Votes • 3 Posts • 337 Views

      @przemyslaw85 thanks for the reply. I've only just started using WireGuard on my phone occasionally. For the website I have paid hosting. For now I have an integrated Intel card + a TP-Link, but I want to buy an Intel one. I haven't configured pfBlocker yet (I use Snort). My PC (router) is a Dell OptiPlex 7010, i5-3570, 16GB RAM and a 256GB SSD.

      Regards

    • Error loading rules
      General pfSense Questions • firewall rules configuration • jbeez
      0 Votes • 3 Posts • 131 Views

      @jbeez fixed... definitely user error. I was restoring a filter.inc from a prior version. Restored the proper one and it's good to go.

    • Firewall rule for VMware url functions
      General pfSense Questions • firewall rules vmware url • tsr966
      0 Votes • 5 Posts • 154 Views

      stephenw10

      Are you running pfBlocker? Snort/Suricata?

      Anything show as blocked?

      Steve

    • Viewing redirected DNS destinations
      Firewalling • dns redirect firewall rules • ibbetsion
      0 Votes • 1 Posts • 158 Views

      No one has replied

    • DNS Resolution of server failing... but I can ping the box?
      WireGuard • dns resolution firewall rules wireguard • lukeclover21
      0 Votes • 5 Posts • 347 Views

      So, after some further digging, I discovered a couple things.

      • You have to actually assign the tunnel to an interface
      • The macOS WireGuard app doesn't support .ddns.net domains

      Thank you for your help, once I assigned the interface correctly everything worked like a charm.

    • DNS Resolution for Wireguard tunnel failing
      DHCP and DNS • dns firewall rules wireguard dns resolution • lukeclover21
      0 Votes • 3 Posts • 544 Views

      @bob-dig Yes, I can ping the domain name and receive a response from the firewall.

    • Disable firewall rules from mobile browser: can't scroll
      webGUI • bug web ui firewall rules • gianpaoloracca
      0 Votes • 4 Posts • 298 Views

      @gianpaoloracca UPDATE:
      you can scroll by dragging the column header.
      So it's clunky, but it works.

    • Block Internal vLan from accessing Web UI
      Firewalling • firewall rules pfsense • unififcf
      0 Votes • 14 Posts • 399 Views

      johnpoz

      @unififcf said in Block Internal vLan from accessing Web UI:

      they said it is a TrueNAS

      Ah - yeah they do not have a "gui" to admin it, but you can for sure configure ipfw on it and manually set up the rules. Haven't played with that in a long time.

      But ipfw can be its own learning curve for sure - yeah best to move that to different vlan than all your users and just use pfsense.

    • How do you configure pfSense to connect its WAN port to a 5G hotspot
      Firewalling • bogon hotspot firewall rules • munson
      0 Votes • 5 Posts • 246 Views

      @steveits Thanks again. I will try it one more time. My hot spot has a different subnet than the internal networks. It seems really strange that I can't ping my hot spot from either one of my internal networks.

      Thanks

    • Ipsec established but no data passing
      IPsec • ipsec firewall rules firewall ipv4 vpn tunnel • craigerr1
      0 Votes • 2 Posts • 491 Views

      periko

      @craigerr1 is P2P? Mobile?
      Have you opened the rules on both sides to allow traffic on your firewalls->rules->ipsec?
      Regards!!!

    • Isolate Secure LAN, Different IP Range, Management VLAN, Lab LAN
      Firewalling • secure lan management vlan firewall rules block outbound • rennit
      0 Votes • 5 Posts • 537 Views

      @johnpoz Thank you so much again. Understand all.

      Couple of clarifications:

      Yes, understood, I was looking to be able to access pfsense and the LAN, but not the internet, in this instance. Either way, everything you said helped clarify it for me and I both understand it and got it configured and working. :))

      2a. Mine is manual, but yes, great points and idea.
      The allow rule you are referring to would be an allow any and the gateway or default gateway, correct?

      Correction: Vlan 1 includes all ports as members, then port 1 (trunk) is tagged in every vlan. Is that correct configuration?

      Also, on one of the switches I am looking at (all are good, one is high-end) I noticed that VLAN 1 (under its VLAN ID tab in membership) is an untagged member on every port as well. This includes ports with the assigned untagged VLAN also. That is incorrect?
      Only the VLAN assigned to that port should be untagged, correct?

      Okay, and if a block egress rule in floating, that would go on the WAN or other gateway as previously discussed, correct?

      edit: VLAN 1 is neither tagged nor untagged now on ports with other VLANs untagged on them. All seems to be working, so thinking that is the correct config. :)
      Therefore, now not all ports are members of VLAN 1, but port 1 (trunk) is tagged on each VLAN on other ports.
      ex:
      VLAN ID   Port Members
      1         1 17 27 (not a member of ports with VLANs assigned untagged)
      10        1 2 (VLAN 10 U on port 2)
      Port 1 tagged on every VLAN

    • How to - Block and Filter Egress Traffic
      Firewalling • firewall rules egress port blocking • rennit
      0 Votes • 12 Posts • 424 Views

      @johnpoz Okay, all makes sense as always from you. Thank you.

      And yes, pfblocker is definitely on the list to learn and setup.

      Also: I just setup a new switch and it has brought me to one last issue I'm having trouble with regarding management and isolated LAN. Seems to be of interest from the posts I've read, but no real answers I've seen, so I am going to start another thread, easier to find related topic for others, with last questions for you. Hope you do not mind...

    • Excessively High Firewall Maximum Table Entries
      Firewalling • firewall rules pfblockerng pfblocker memory high • scolby33
      0 Votes • 1 Posts • 286 Views

      No one has replied

    • Help please: Why are these rules isolating IoT not working?
      Firewalling • routing firewall rules iot guest • rennit
      0 Votes • 34 Posts • 912 Views

      Very thankful for this discussion. Provided a much greater understanding of many things and overall.

      For those reading: As to this specific issue, one that I saw many posts about, but this solution I have not seen:

      Just found this under logs-->firewall-->settings. I tested it and it worked for the noise. Just don't know if I will be losing any other important logging with it. Looking at the default block rules I do not think so, but not sure.

      [Screenshot: Screen Shot 2021-09-28 at 08.20.10.png]

    • Test inter-LAN/VLAN Routing to Verify Firewall Rules
      Firewalling • vlan firewall rules testing routing • rennit
      0 Votes • 1 Posts • 219 Views

      No one has replied

    • Wildcard Filtering
      Firewalling • firewall rules alias • twistedstorm
      0 Votes • 1 Posts • 166 Views

      No one has replied

    • Not able to ssh to outside world (WAN)
      Firewalling • firewall rules • Peter_APIIT
      0 Votes • 11 Posts • 415 Views

      Gertjan

      @peter_apiit said in Not able to ssh to outside world (WAN):

      connect my company jumphost using ssh

      Can you change the settings of this ssh access?
      Change the '22' port to '2222' and you'll be good.

    • External ip and shodan show Port 80 open
      Firewalling • firewall rules webgui shodan wan ip ddns • Verga94
      0 Votes • 1 Posts • 243 Views

      No one has replied

    • DNSBL not creating firewall rules
      pfBlockerNG • pfblockerng dnsbl firewall rules • FredMcfly
      0 Votes • 24 Posts • 1662 Views

      @bob-dig
      I temporarily disabled my feed and added reddit.com and www.reddit.com to the DNSBL Custom_List and the website (and others) is still not blocked. (Yes, I did a force update all)

      I have tried on different computers on the network and they can still access it.

      I have also tried on three different browsers.

      I am really confused why some sites are blocked while others are not.

    • SG-5100: Running easyrule with dedicated user
      Firewalling • firewall rules sg-5100 • DrPhil
      0 Votes • 2 Posts • 162 Views

      Turns out I need to "sudo" with my dedicated user for the command to work. Like this:

      sudo easyrule block lan 192.168.1.21
    • Tunnel Unbound through the OpenVPN client when available
      German • vpn unbound firewall rules dns resolver openvpn client • Logic
      0 Votes • 11 Posts • 529 Views

      Bob.Dig

      Unfortunately I had to find out that "my" solution apparently only works for a certain time. At some point it seems that Windows no longer uses the "first" DNS server and therefore no longer resolves internal names.
      So for now I've switched to IPs.

    • Firewall Rules not applying to http traffic
      Firewalling • firewall rules gateway routing • jack7076
      0 Votes • 9 Posts • 285 Views

      @jack7076 transparent squid does not work with policy routing. Squid binds to WAN. Policy routing is done before it reaches WAN.

    • Accessing an access point behind pfSense
      German • firewall rules • PHB
      0 Votes • 9 Posts • 219 Views

      @NOCling @the-other,

      the VLAN idea is a good one; I first have to take a look at the switch.
      (It's a small HP 8-port gigabit switch.)

      I'll put it on the to-do list for when I'm on site again.

      If it supports VLANs I may get back to you about the configuration.

      Regards, Peter

    • Bridging physical interfaces and VLANs, getting DHCP with no routing? Or is it
      L2/Switching/VLANs • vlans bridging rules firewall firewall rules • imark77
      0 Votes • 3 Posts • 269 Views

      imark77

      edit:
      On the SG-3100 I have determined that I did not have the switch ports assigned/enabled to any VLANs, and after that it gave me DHCP on the LAN ports and VLANs. However, I still have the issue of some devices getting IPs and some not: on the same laptop, nothing over Wi-Fi, something when wired. My travel AP does not support VLANs so it has to be on the base level, and none of my non-Mac computers seem to be getting DHCP. And I don't know what caused it, but I managed to crash my old router and ALL INTERNETs last night plugging in the new one to do a test. I went out and bought 4 managed switches so I could break out all of my VLANs to test, and it was the only easy way to solve ingesting my multiple travel WAN VLANs (local LAN, Wi-Fi, Wi-Fi hotspot, wired LTE modem).

    • Floating Rules order for pfSenseBlockerNG and Traffic Shaper by Limiter
      pfBlockerNG • pfblockerng traffic shaper rules firewall rules limiters • ayanpal
      0 Votes • 2 Posts • 339 Views

      If you set pfBlocker to "native alias" instead of block, that will just create an alias and you can create your own block/allow rules however you want them.

    • IPv6 Internet traffic from the LAN interface is blocked by obscure firewall rules
      German • ipv6 firewall rules rules dhcpv6 • Trunex
      0 Votes • 21 Posts • 814 Views

      @mickman99 Sorry once again for the late reply. I'm on vacation now and can devote myself to the topic more thoroughly again.

      The prefix is indeed distributed correctly to the interfaces and also matches the prefix of the FRITZ!Box. According to the FRITZ!Box log, the network distributed to the LAN interface is also recognized and released as an Exposed Host.

      However, I don't entirely trust the FRITZ!Box firewall. In parallel I'm setting up an OpenVPN server over IPv6 at a neighbor's. There too, incoming traffic is rejected despite Exposed Host (of course only opened up that way for testing). That makes no sense.

      Additionally, my pfSense has had the problem that the internal DNS server crashes when a lot of data has to be processed at once. There I also suspect the FRITZ!Box is the cause. The Fritz's log doesn't reveal much, though...

    • Bridge and firewall behavior confusion
      Firewalling • bridging firewall rules • A Former User
      0 Votes • 1 Posts • 64 Views

      No one has replied

    • How to create a rule to block TeamViewer
      Portuguese • firewall rules • Antonio Brito
      0 Votes • 1 Posts • 81 Views

      No one has replied

    • Web traffic log issues WAN / LAN . VirtualBox
      Routing and Multi WAN • virtualbox routing traffic issues pfsense firewall rules • pfuzer
      0 Votes • 11 Posts • 272 Views

      @pfuzer pfsense with pfblockerng-devel and suricata

    • Port forwarding through OpenVPN
      German • openvpn problem routing opt1 ipv4 openvpn routing firewall rules • denndsd
      0 Votes • 18 Posts • 501 Views

      Hello everyone,

      many thanks for the many replies.
      I'll separate the whole thing this weekend.
      Yes, that makes sense. :)
      At the moment I just haven't got around to it, which is why this thread has gone a bit quiet.
      With another peer it apparently works.
      Looks odd.
      But yes, separating makes sense.

      Thanks for now.

    • Multi OpenVPN client + Random OpenVPN Connection + Customize Sticky Connection
      Routing and Multi WAN • routing openvpn gatewaygroup firewall rules • ydyw8rdm8i7DfD
      0 Votes • 2 Posts • 396 Views

      Does anyone have any idea on the implementation of this please?^

    • SMB/NFS/iSCSI between VLAN<->LAN only works with synproxy enabled
      Firewalling • vlan firewall rules • MichaelLong
      0 Votes • 1 Posts • 503 Views

      No one has replied

    • Access restriction through the IPsec tunnel
      Portuguese • firewall firewall rules ipsec ipsec rules • willaim
      0 Votes • 1 Posts • 93 Views

      No one has replied

    • can't get access from outside to webpage
      General pfSense Questions • haproxy acme firewall rules • pooperman
      0 Votes • 19 Posts • 443 Views

      @pooperman

      there is some issue with the SSL handshake:

      [Screenshot: 1.JPG]

    • Pfblocker NAT rules.
      pfBlockerNG • pfblockerng dnsbl firewall rules nat • tbr281
      0 Votes • 2 Posts • 430 Views

      I'm having the same issue with pfBlocker and NAT rules. I have no issues adding white-list rules for my devices that are on a directly routed subnet. But trying to figure out how to handle an allow rule for an existing NAT rule is causing issues.

      Have you found any solution yourself as of yet?