Netgate Discussion Forum
    Block rules don't work at all

Category: Firewalling. 11 Posts, 3 Posters, 1.8k Views
CaseyE:

      Hello,

      I'm trying to get a speed limiter set up per this post, but I am having trouble getting it to work. As a first step, I tried configuring the firewall to block ALL traffic to 192.168.10.24, but I can't even get that working; the device at that IP still streams video flawlessly.

I created a firewall rule under WAN to BLOCK ANY traffic with the destination IP 192.168.10.24 (screenshot attached). Why isn't this working?

      Thank you!
[Attachment: pfsense-firewall.PNG]

chpalmer:

        You need to show your LAN firewall rules..

Firewall rules work fine when configured correctly. Remember that rules are evaluated from the top down. So if a rule that allows everything is above a rule that blocks, the block rule will never work.

        Triggering snowflakes one by one..
        Intel(R) Pentium(R) CPU G4400 @ 3.30GHz on an M470 WG box. pfSense+

CaseyE:

          Here's my LAN rules.

[Attachment: pfsense-LAN.PNG]

chpalmer:

Your anti-lockout rule at the top trumps the block rule below it.

            Triggering snowflakes one by one..
            Intel(R) Pentium(R) CPU G4400 @ 3.30GHz on an M470 WG box. pfSense+

CaseyE:

              I disabled that, and traffic is still going to 192.168.10.24 just fine. Attached new screenshot with anti-lockout disabled.

[Attachment: pfsense-LAN-antilockou.PNG]

chpalmer:

                Did you kill your states after disabling that rule?

                Triggering snowflakes one by one..
                Intel(R) Pentium(R) CPU G4400 @ 3.30GHz on an M470 WG box. pfSense+

Derelict (LAYER 8, Netgate):

@CaseyE:

I'm trying to get a speed limiter set up per this post, but I am having trouble getting it to work. As a first step, I tried configuring the firewall to block ALL traffic to 192.168.10.24, but I can't even get that working; the device at that IP still streams video flawlessly.

                  What, exactly, is your LAN network IP address/netmask?

                  What, exactly, is the traffic you are trying to block?

                  Please be complete and specific.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

CaseyE:

                    @chpalmer:
                    I did this under Diagnostics > States > Reset States, then checked the box that says "Reset the firewall state table" and hit reset. The browser seems to hang after doing that, and so I refresh the page to get back to the web GUI. Once I get back in, all of the 192.168.10.24 connections re-establish themselves, despite the above firewall rules in place. Even if I filter for 192.168.10.24 and kill all the states that match this filter, they all come back after a few seconds. I've attached a screenshot of states page.

                    @Derelict:

My pfSense router is located at 192.168.10.1. I believe the netmask is /24 (as defined in Interfaces > LAN > Static IPv4 Configuration).
                    I have a wireless AP at 192.168.10.2, which operates in AP mode.
                    I have a wireless client (a Roku Device), at 192.168.10.24. This is connected through the AP.

I want to implement speed limiters to limit the bandwidth video streaming devices on my network can consume per this post, but I was having trouble getting it to work. In order to test the firewall rules, I decided to BLOCK ALL traffic to a specific device (the Roku at 192.168.10.24), so I would at least know that the firewall rule was working correctly. Traffic is getting through just fine to 192.168.10.24, which means that something is wrong with my configuration.

[Attachment: states.PNG]

Derelict (LAYER 8, Netgate):

                      You cannot block traffic TO a device using the rules on the interface it is connected to.

                      You block connections FROM that device on that interface.

                      Place a rule on LAN at the top for traffic sourced from 192.168.10.24/32. Place the desired limiters on that rule. In/Out are Upload/Download, respectively.

                      https://doc.pfsense.org/index.php/Firewall_Rule_Basics

                      https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

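The two mechanics at work in this thread (rules are matched top down on the interface the packet enters, and packets belonging to an existing state never hit the rules again) can be seen in a small model. This is an added example, not pfSense code or anything from the forum: a toy first-match evaluator with constructed LAN rulesets, the Roku's outbound stream as a packet, and 203.0.113.10 as a made-up streaming server.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str   # "pass" or "block"
    iface: str    # interface the packet ENTERS the firewall on (pfSense evaluates rules inbound)
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"

@dataclass(frozen=True)
class Packet:
    iface: str    # ingress interface
    src: str
    dst: str

def _in(net, addr):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

class Firewall:
    """Toy model of pfSense rule evaluation: first match wins, top down, per ingress interface."""
    def __init__(self, rules):
        self.rules = rules
        self.states = set()   # (src, dst) of flows a pass rule already admitted
    def reset_states(self):
        self.states.clear()   # what Diagnostics > States > Reset States does
    def filter(self, pkt):
        # A packet belonging to an existing state never consults the rules again.
        if (pkt.src, pkt.dst) in self.states or (pkt.dst, pkt.src) in self.states:
            return "pass (state)"
        for r in self.rules:
            if r.iface == pkt.iface and _in(r.src, pkt.src) and _in(r.dst, pkt.dst):
                if r.action == "pass":
                    self.states.add((pkt.src, pkt.dst))
                return r.action
        return "block (default deny)"

# Constructed LAN rulesets. The first mirrors the thread's mistake: the block rule names the
# Roku as DESTINATION, which a connection the Roku itself opens never matches.
def wrong_ruleset():
    return [Rule("pass", "LAN", "any", "192.168.10.1/32"),    # anti-lockout, simplified
            Rule("block", "LAN", "any", "192.168.10.24/32"),  # never hit by the Roku's own traffic
            Rule("pass", "LAN", "192.168.10.0/24", "any")]    # default "LAN net to any"

def fixed_ruleset():
    return [Rule("block", "LAN", "192.168.10.24/32", "any"),  # Roku as SOURCE, at the top
            Rule("pass", "LAN", "192.168.10.0/24", "any")]

ROKU_SYN = Packet("LAN", "192.168.10.24", "203.0.113.10")  # Roku opening a stream (constructed)
REPLY = Packet("WAN", "203.0.113.10", "192.168.10.24")     # server's reply, entering on WAN
```

With `wrong_ruleset()` the Roku's SYN passes and creates a state, so the reply on WAN passes by state too; swapping in `fixed_ruleset()` changes nothing until `reset_states()` is called, after which the same SYN is blocked.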
chpalmer:

                        @Derelict:

                        You cannot block traffic TO a device using the rules on the interface it is connected to.

                        You block connections FROM that device on that interface.

Yikes.. I missed that little error in his rules..

                        Triggering snowflakes one by one..
                        Intel(R) Pentium(R) CPU G4400 @ 3.30GHz on an M470 WG box. pfSense+

CaseyE:

                          Thank you, this worked!

                          Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.