TCP:S blocked, not sure why

  • I am seeing a block in the log for TCP:S.

    I have the following allow rules, not sure why it's being blocked.

    Screenshots attached.

    Thanks for your help.

  • Destination WAN net seems wrong. This way you are just allowing traffic to the net your WAN interface is in, not the whole Internet. Try any.

  • Hmm, you could be correct but I believe that "Any" would allow Guest network to access LAN network, which is definitely not the goal.

    There has to be a way to specify the "internet" without using ANY?

  • Rebel Alliance Global Moderator

    WAN net would only be whatever network is on your WAN. That for sure would not be the whole internet ;)

    If you want to allow to the internet but not your other network(s) then there are a couple of ways to do it. You either block access to your other networks above where you place any rules. Or you create a rule with an alias that includes where you don't want them to go, like your other networks or RFC 1918 space, and then use a ! rule, so as long as they are NOT going there then it would be allowed.

  • Thank you both, resolved thanks to your help.

    I'm coming from SonicWall where Allow LAN –> WAN was the necessary rule. It didn't occur to me that there wouldn't be an "Everything outside of the WAN Interface" zone/interface. I'm still learning the pfSense way of doing things but excited so far.
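
The three rule layouts discussed in this thread, modelled as first-match evaluation with a default deny. This is an added example, not code from any poster or from pfSense; the addresses, rule-set names and helper functions are constructed for illustration.

```python
import ipaddress

# Constructed sample addressing (assumptions, not taken from the thread).
WAN_NET = ipaddress.ip_network("203.0.113.0/24")   # subnet the WAN interface sits in
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dest_in(*nets):
    return lambda dst: any(dst in n for n in nets)

def dest_not_in(*nets):          # the "!" (invert match) destination
    return lambda dst: not any(dst in n for n in nets)

def dest_any():
    return lambda dst: True

# Hypothetical rule sets for the guest interface, in top-down order.
RULESETS = {
    "wan_net":        [("pass", dest_in(WAN_NET))],
    "block_then_any": [("block", dest_in(LAN_NET)), ("pass", dest_any())],
    "not_rfc1918":    [("pass", dest_not_in(*RFC1918))],
}

def evaluate(ruleset, dst):
    """First matching rule wins; no match means default deny."""
    addr = ipaddress.ip_address(dst)
    for action, matches in RULESETS[ruleset]:
        if matches(addr):
            return action
    return "block"

if __name__ == "__main__":
    samples = {"internet host": "198.51.100.10",
               "WAN-side gateway": "203.0.113.1",
               "LAN host": "192.168.1.10",
               "other private net": "10.0.0.5"}
    for name in RULESETS:
        for label, dst in samples.items():
            print(f"{name:15} {label:18} {dst:15} {evaluate(name, dst)}")
```

With the negated-alias layout, traffic to the firewall's own private interface address (DNS, for example) also falls to the default deny unless a separate pass rule sits above it. The block-then-any layout only stops the networks listed in the block rule, so any private network left out of it stays reachable.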