Firewall blocking even after adding rule to allow
-
I'm at my wits end with this one. We're on pfSense v2.3.4 p1 and it's working as expected except for this firewall oddity.
I'm attempting to access phones on a remote network. I'm able to PING all the phones. I'm even able to access the phone server, 10.2.2.227
But when I attempt to access a phone the firewall grabs my packets and shuts me down - and logs the block too.
The image attachments show the block in the firewall log and the rule I added with "add easy rule".
Can anyone enlighten me as to why I could reach 10.2.2.227 on port 80 but 10.2.2.105 on port 80 is blocked by the firewall - especially after adding the rule shown ???
-
Oh, and to make things more bizarre … I tried flipping this all around and REJECTed all traffic to 10.2.2.227 from my computer's network 10.1.1.0/24
And, with those rules in effect I'm still able to access 10.2.2.227
I'm clearly overlooking something but cannot figure this out.
PS - I've cleared all the states before my testing to assure there wasn't something lingering.
-
AAAAAAND to answer my own question.
The traffic shaping rules had an error. We had a blank in the bandwidth use in two queues.
Thus when the firewall was reloading it would hit that blank bandwidth and stop loading our new rules. Instead it was just sitting back and using the old rules.
I corrected the missing bandwidth values in the traffic shaping queues - reloaded the firewall - voila! Our new rules, permitting access to the phones, now work as expected.
LESSON LEARNED –- if there's a warning appearing in the top-most bar in pfSense you better go fix something. Otherwise the box won't work as expected.
... though, it's surprising the traffic shaper bandwidth rules would have such an effect on the firewall rules.
-
Been there, done that. I now watch the top right like a hawk for notifications any time I change my traffic shaping.
