Rules not taking effect?



  • Hi, I'm not sure if I'm seeing things; however, I have two default-config pfSense firewalls up and running in VirtualBox. WAN interfaces are in a single NAT Network, and the default f/w config blocks any ping reply when using the console tools on the actual firewalls to ping from one to the other's WAN address. I then get into FW-A and enable a rule on the WAN interface to allow any ICMP through (any/any) and hit APPLY, and naturally FW-B starts getting replies from FW-A dynamically as soon as the rule table is reloaded (expected). I then change the rule to BLOCK and APPLY; however, the recursive ping from FW-B WAN to FW-A WAN continues working. I expected it to stop immediately once the rulebase was reloaded. I have also deleted the rule which originally allowed the ping to start working and hit APPLY, and the recursive ping continues to work. I then deleted all rules and created a new rule to specifically block incoming ICMP on the FW-A WAN port, then APPLY, and the recursive ping continues to work. Of course, after doing all the rule blocking and deletions, I then kill the recursive ping on the console and try to restart it, and as expected the recursive ping no longer works.

    Is this expected behaviour? I assumed that implementing a BLOCK or REJECT rule then APPLY would implement the rule dynamically.

    Scratching my head a little on this.



  • And I think I have answered this myself. Refresh States is required. Therefore I would question whether there needs to be a "Refresh States" button in the same screen where rules are APPLIED, or a pop-up asking the Admin if they wish to enforce the rule immediately.
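The behaviour observed in the thread (an existing ICMP state surviving a rule reload until states are reset) as an added toy model of a pf-style stateful filter. This is illustration code, not pfSense's or pf's own implementation; the class and function names, the first-match rule evaluation and the IP addresses are this example's own assumptions.

```python
"""Toy model of a stateful packet filter: state lookup happens before rule
evaluation, and 'Apply Changes' replaces the ruleset without touching states.
Constructed for illustration; not pfSense or pf code."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str


@dataclass
class StatefulFilter:
    rules: list = field(default_factory=list)   # (action, proto), first match wins
    states: set = field(default_factory=set)    # (src, dst, proto) of passed flows

    def apply_rules(self, rules):
        """Mimic APPLY in the GUI: ruleset replaced, state table untouched."""
        self.rules = list(rules)

    def reset_states(self):
        """Mimic Diagnostics > States > Reset States."""
        self.states.clear()

    def filter(self, pkt):
        # 1. State table first: a known flow passes in both directions,
        #    whatever the current ruleset says.
        if (pkt.src, pkt.dst, pkt.proto) in self.states or \
           (pkt.dst, pkt.src, pkt.proto) in self.states:
            return "pass"
        # 2. No state: walk the rules; a pass rule creates a new state.
        for action, proto in self.rules:
            if proto in ("any", pkt.proto):
                if action == "pass":
                    self.states.add((pkt.src, pkt.dst, pkt.proto))
                return action
        return "block"  # implicit default deny, as on a default-config WAN


def reproduce_thread():
    """Replay the poster's steps; returns the verdict at each stage."""
    fw_a = StatefulFilter()                         # FW-A WAN, default config
    echo = Packet("10.0.2.5", "10.0.2.4", "icmp")   # constructed FW-B -> FW-A
    before = fw_a.filter(echo)                      # blocked, no rule yet
    fw_a.apply_rules([("pass", "icmp")])
    fw_a.filter(echo)                               # ping starts; state created
    fw_a.apply_rules([("block", "icmp")])           # rule flipped, states kept
    during = fw_a.filter(echo)                      # still passes via the state
    fw_a.reset_states()
    after = fw_a.filter(echo)                       # block rule now takes effect
    return before, during, after
```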