Block rules don't work at all



  • Hello,

    I'm trying to get a speed limiter set up per this post, but I am having trouble getting it to work. As a first step, I tried configuring the firewall to block ALL traffic to 192.168.10.24, but I can't even get that working; the device at that IP still streams video flawlessly.

    I created a Firewall rule under WAN to BLOCK ANY traffic with the destination IP 192.168.10.24 (screenshot attached). Why isn't this working?

    Thank you!



  • You need to show your LAN firewall rules.

    Firewall rules work fine when configured correctly. Remember that rules are processed from the top down. So if a rule that allows everything is above a rule that blocks, the block rule will never work.



  • Here's my LAN rules.




  • Your anti-lockout rule at the top trumps the block rule below it.



  • I disabled that, and traffic is still going to 192.168.10.24 just fine. Attached new screenshot with anti-lockout disabled.




  • Did you kill your states after disabling that rule?


  • LAYER 8 Netgate

    I'm trying to get a speed limiter set up per this post, but I am having trouble getting it to work. As a first step, I tried configuring the firewall to block ALL traffic to 192.168.10.24, but I can't even get that working; the device at that IP still streams video flawlessly.

    What, exactly, is your LAN network IP address/netmask?

    What, exactly, is the traffic you are trying to block?

    Please be complete and specific.



  • @chpalmer:
    I did this under Diagnostics > States > Reset States, then checked the box that says "Reset the firewall state table" and hit reset. The browser seems to hang after doing that, and so I refresh the page to get back to the web GUI. Once I get back in, all of the 192.168.10.24 connections re-establish themselves, despite the above firewall rules in place. Even if I filter for 192.168.10.24 and kill all the states that match this filter, they all come back after a few seconds. I've attached a screenshot of states page.

    @Derelict:

    My pfSense router is located at 192.168.10.1. I believe the netmask is /24 (as defined in Interfaces > LAN > Static IPv4 Configuration).
    I have a wireless AP at 192.168.10.2, which operates in AP mode.
    I have a wireless client (a Roku Device), at 192.168.10.24. This is connected through the AP.

    I want to implement speed limiters to limit the bandwidth video streaming devices on my network can consume per this post, but I was having trouble getting it to work. In order to test the firewall rules, I decided to BLOCK ALL traffic to a specific device (the Roku at 192.168.10.24), so I would at least know that the firewall rule was working correctly. Traffic is getting through just fine to 192.168.10.24, which means that something is wrong with my configuration.



  • LAYER 8 Netgate

    You cannot block traffic TO a device using the rules on the interface it is connected to.

    You block connections FROM that device on that interface.

    Place a rule on LAN at the top for traffic sourced from 192.168.10.24/32. Place the desired limiters on that rule. In/Out are Upload/Download, respectively.

    https://doc.pfsense.org/index.php/Firewall_Rule_Basics

    https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

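The point made above, that a rule on an interface only sees connections entering that interface, can be checked with a small model of first-match rule evaluation. This is an added illustration, not pfSense's own code; it assumes the thread's addresses (LAN 192.168.10.0/24, Roku at .24, stock "Default allow LAN to any" rule) and treats replies to an established state as bypassing the rule set, which is how pf handles them.

```python
# Simplified model of pfSense/pf rule evaluation (added example, not pfSense code).
# Assumptions: rules are evaluated top-down on the interface a NEW connection
# ENTERS, the first match wins, and reply packets for an already-established
# state never touch the rule set, so a WAN rule cannot catch a stream's replies.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    iface: str          # interface the rule is attached to ("LAN" or "WAN")
    action: str         # "pass" or "block"
    src: str = "any"    # source network in CIDR, or "any"
    dst: str = "any"    # destination network in CIDR, or "any"
    name: str = ""


def _match(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec)


def evaluate(rules, iface, src, dst):
    """Return (action, rule name) for a new connection entering `iface`."""
    for r in rules:
        if r.iface == iface and _match(r.src, src) and _match(r.dst, dst):
            return r.action, r.name
    return "block", "default deny"      # pfSense's implicit final rule


# Constructed addresses taken from the thread; the Internet host is illustrative.
ROKU, LAN_GW, INTERNET = "192.168.10.24", "192.168.10.1", "203.0.113.10"

# The original attempt: destination-based block rules on WAN and on LAN,
# sitting below the anti-lockout and "Default allow LAN to any" rules.
broken = [
    Rule("WAN", "block", dst=ROKU + "/32", name="WAN block to Roku"),
    Rule("LAN", "pass", dst=LAN_GW + "/32", name="anti-lockout"),
    Rule("LAN", "pass", name="Default allow LAN to any"),
    Rule("LAN", "block", dst=ROKU + "/32", name="LAN block to Roku"),
]

# The fix from the thread: a rule at the top of LAN matching traffic
# SOURCED from the Roku. A limiter would be attached to this same rule.
fixed = [Rule("LAN", "block", src=ROKU + "/32", name="block from Roku")] + broken[1:]


def roku_stream_allowed(rules) -> bool:
    """The Roku's outbound stream enters LAN with the Roku as SOURCE."""
    return evaluate(rules, "LAN", ROKU, INTERNET)[0] == "pass"
```

With the original rules the stream is passed by "Default allow LAN to any" because the destination-based block below it never matches a connection whose source is the Roku; with the fixed rule set it is blocked before reaching that allow rule.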


  • @Derelict:

    You cannot block traffic TO a device using the rules on the interface it is connected to.

    You block connections FROM that device on that interface.

    Yikes... I missed that little error in his rules.



  • Thank you, this worked!

