FW Rules Not Blocking

  • I have a virtualized pfSense instance with 2 physical interfaces

    WAN Access port
    LAN Trunk port (with VLANs 10, 99)

    I already have the trunk and VLAN interfaces configured and working; however, I'm running into a strange issue.

    VLAN10 - labeled as VLAN10
    VLAN99 - labeled as IOT

    The following rules are configured for VLAN99

    VLAN10 simply has an any-to-any rule.

    Now the issue is that even though I'm blocking all of RFC1918 (as well as VLAN10) in the rules for VLAN99, I can still ping devices on VLAN99 from VLAN10 and vice versa.

    When I do a trace from both VLANs, I can see the traffic hitting the VLAN interface on pfSense and then getting routed over to the other VLAN.

    I know that this is what inter-vlan routing should be doing but shouldn't the rules on VLAN99 be blocking the packet as soon as it hits the VLAN99 interface?

  • I figured it out. Instead of using the interface "net" option in the source and destination, I changed it over to an address, and now blocking works as expected.
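The policy this thread is after (an IoT VLAN that can reach the Internet and pfSense's own DNS/DHCP, but nothing in RFC1918 space, including VLAN10) written out as a hand-written pf ruleset, since pfSense filters with pf underneath. This is an added example, not the poster's rules or anything pfSense generated; the interface names vlan10/vlan99, the subnets and the port choices are assumptions.

```pf
# Constructed pf ruleset illustrating the thread's intended policy.
# Assumed layout (not from the post):
#   vlan10 = trusted LAN, 192.168.10.0/24
#   vlan99 = IoT,         192.168.99.0/24 (pfSense holds an address on it)
table <rfc1918> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# pf evaluates rules on the interface where a packet enters, so IoT traffic
# is decided on "vlan99 in" before anything is routed toward vlan10.
# "quick" stops at the first match, so the order below matters.

# 1. DHCP is broadcast (destination is not the interface address), then DNS to pfSense.
pass in quick on vlan99 inet proto udp from any port 68 to any port 67
pass in quick on vlan99 inet proto { tcp, udp } from 192.168.99.0/24 to (vlan99) port 53

# 2. Anything else aimed at private space (VLAN10 included) is dropped and logged.
block in log quick on vlan99 inet from 192.168.99.0/24 to <rfc1918>

# 3. What remains is Internet-bound; allow it.
pass in quick on vlan99 inet from 192.168.99.0/24 to any

# VLAN10 keeps its any-to-any as in the thread. Because pf is stateful, replies
# to connections VLAN10 opens toward IoT devices are still allowed back.
pass in quick on vlan10 inet from 192.168.10.0/24 to any
```

Rule 2 uses explicit networks rather than an interface "net" macro, matching the change the poster found necessary; verify with `pfctl -sr` that the block rule precedes the pass-to-any rule on the IoT interface.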

