    PFSense Originated Traffic

    • G
      gerby123 last edited by

      I've got PFSense configured with Squid and PFBlockerNG, and in testing DNSBLs work well; however, the IPBLs don't seem to be affecting traffic originated by Squid. Can anyone provide insight?

      • G
        gerby123 last edited by

        To be clear, I am seeing blocks for traffic coming in to the PFSense instance on the WAN interface; I'm also able to generate a block on an internal interface by pinging an address on the blacklist. However, if I write a rule that drops traffic to a certain IP but then browse to that IP with Squid as my proxy, the traffic is permitted and the site comes back.

        • H
          Harvy66 last edited by

          pfSense is "stateful" and in pfSense's parlance, that means the *only time a rule is checked is when a new state is being created, and only on ingress. When a state is created, the state's pair is automatically created and is not checked against the rules. When Squid makes an outgoing connection, it is never checked against the interface's rules because it's an outgoing connection. But because the outgoing state is created, the incoming state is automatically created. When the response from the remote server comes back, there's already an existing state and the rules are ignored.

          *you can use floating rules to block outgoing states from being created.

          • G
            gerby123 last edited by

            Thanks,

            I'll give floating rules a shot, but I recall seeing the same behavior when testing with them earlier.

            • K
              kpa last edited by

              Floating rules definitely work, but you have to pay attention to details: make sure the rules are marked as "quick" and apply to the correct direction, which is out in your case.

              • G
                gerby123 last edited by

                Floating rules are working as desired, thanks!
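
A simplified model of the rule evaluation discussed in this thread, added here as an illustration (it is not any poster's code, nor pfSense's own): it shows why an inbound interface rule never sees Squid's outgoing connection, and why the floating rule has to be both outbound and quick. The addresses, the rulesets and the later pass-out rule in `FLOATING_NOT_QUICK` are constructed assumptions.

```python
from dataclasses import dataclass

BAD, PROXY = "203.0.113.10", "192.168.1.1"   # constructed addresses

@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    direction: str       # "in" or "out"
    iface: str
    dst: str = "any"
    quick: bool = False

class Firewall:
    def __init__(self, rules):
        self.rules, self.states = list(rules), set()

    def verdict(self, direction, iface, dst):
        result = "pass"                        # pf passes when no rule matches
        for r in self.rules:
            if (r.direction, r.iface) == (direction, iface) and r.dst in ("any", dst):
                result = r.action              # last matching rule wins...
                if r.quick:
                    break                      # ...unless a matching rule is quick
        return result

    def connect(self, checks, remote):
        """Open a NEW connection; `checks` are the (direction, iface, dst) hooks it crosses."""
        if any(self.verdict(*c) == "block" for c in checks):
            return False
        self.states.add(remote)                # state is created once the packet passes
        return True

    def reply_allowed(self, remote):
        # Traffic matching an existing state is not evaluated against the rules.
        return remote in self.states or self.verdict("in", "wan", "self") == "pass"

def direct(fw):       # LAN client connects straight to BAD
    return fw.connect([("in", "lan", BAD), ("out", "wan", BAD)], BAD)

def via_squid(fw):    # client reaches the proxy; Squid then connects out by itself
    return fw.connect([("in", "lan", PROXY)], PROXY) and fw.connect([("out", "wan", BAD)], BAD)

INTERFACE_RULES = [   # interface-tab rules: inbound only, first match wins (quick)
    Rule("block", "in", "wan", quick=True),
    Rule("block", "in", "lan", BAD, quick=True),
    Rule("pass", "in", "lan", quick=True),
]
FLOATING_OUT_QUICK = [Rule("block", "out", "wan", BAD, quick=True)]
FLOATING_WRONG_DIR = [Rule("block", "in", "wan", BAD, quick=True)]
FLOATING_NOT_QUICK = [Rule("block", "out", "wan", BAD), Rule("pass", "out", "wan")]
```

Calling `via_squid(Firewall(extra + INTERFACE_RULES))` with each of the three floating lists as `extra` shows that only the outbound quick rule stops Squid from reaching the blocklisted address.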
