Netgate Discussion Forum

    Deny rule applying to every additional interface despite having explicit allow rules

    Firewalling
    jvodan

      I have been using pfSense for nearly ten years and I have an issue that feels like a newbie thing.
      pfSense is installed on an HP server with four NICs (2x10GbE and 4x1GbE).
      I have three interfaces in use:
      one WAN
      a DMZ on a VLAN
      a LAN tagged at the switch

      This works perfectly.
      However, if I configure an additional interface on one of the spare NICs,
      despite adding a firewall rule for the interface allowing all traffic out,
      I get outbound traffic blocked.
      This happens whether it is a VLAN or not.

      For example, opt1 is configured as 192.168.7.254/24
      DHCP range is 192.168.7.100 - 192.168.7.120
      the firewall rule on interface opt1 is IPv4/* source 192.168.7.0/24 dest any
      the firewall system log shows blocked by Default deny rule IPv4 (1000000103)
      further details are @5(1000000103) block drop in log inet all label "Default deny rule IPv4"

      This is a production box and my reboot window is very limited.

      James Vodanovich

      johnpoz LAYER 8 Global Moderator

        Post up your interface rules and your firewall log - my guess would be the blocks are out of state.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          jvodan
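One way to check johnpoz's guess against the kind of log entry quoted in the first post, as an added example that is not code from the thread or from pfSense itself: parse the raw CSV lines pfSense writes to /var/log/filter.log (IPv4 field order as documented for the raw filter log format) and look at the TCP flags of each packet that hit the Default deny rule. A blocked packet carrying only ACK, FIN or RST (or SYN+ACK) belongs to a connection pf has no state entry for, so the interface's pass rule never gets a say; only a blocked bare SYN means the pass rule itself failed to match. The interface name "em2", the log lines, and the hosts in them are constructed for the example.

```python
"""Classify pfSense raw filterlog entries to tell out-of-state blocks apart
from genuine rule problems.

Added example, not code from the forum thread or from pfSense. Handles the
IPv4 field layout of the raw filter log only.
"""
import csv
import io
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Tracker ID pfSense assigns to its built-in "Default deny rule IPv4"
# (the 1000000103 quoted in the original post's log line).
DEFAULT_DENY_V4 = "1000000103"

# syslog prefix in front of the CSV payload: everything up to "filterlog[pid]: "
_SYSLOG_PREFIX = re.compile(r"^.*?filterlog\[\d+\]:\s*")


@dataclass
class LogEntry:
    tracker: str
    iface: str
    action: str
    direction: str
    proto: str
    src: str
    dst: str
    sport: Optional[int]
    dport: Optional[int]
    tcp_flags: str
    verdict: str


def _port(field: str) -> Optional[int]:
    return int(field) if field.isdigit() else None


def classify(action: str, proto: str, tcp_flags: str) -> str:
    """Verdict for one entry from its action, protocol and TCP flag letters."""
    if action != "block":
        return "not_a_block"
    if proto != "tcp":
        # UDP/ICMP carry no handshake flags, so flags cannot tell us whether
        # a state existed; UDP hits on the default deny are usually expired states.
        return "udp_or_other"
    if "S" in tcp_flags and "A" not in tcp_flags:
        return "rule_problem"   # bare SYN refused: no pass rule matched the new connection
    return "out_of_state"       # ACK/FIN/RST/SYN-ACK with no state entry behind it


def parse_filterlog_line(line: str) -> LogEntry:
    """Parse one IPv4 filterlog line (full syslog line or bare CSV payload)."""
    payload = _SYSLOG_PREFIX.sub("", line.strip())
    f = next(csv.reader(io.StringIO(payload)))
    if f[8] != "4":
        raise ValueError("only IPv4 entries are handled in this example: " + payload)
    proto = f[16]                       # protocol text follows the IPv4 header fields
    sport = dport = None
    flags = ""
    if proto in ("tcp", "udp"):
        sport, dport = _port(f[20]), _port(f[21])
    if proto == "tcp":
        flags = f[23]                   # TCP flags field, e.g. "S", "A", "FA", "SA"
    return LogEntry(
        tracker=f[3], iface=f[4], action=f[6], direction=f[7], proto=proto,
        src=f[18], dst=f[19], sport=sport, dport=dport, tcp_flags=flags,
        verdict=classify(f[6], proto, flags),
    )


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count verdicts over a batch of log lines."""
    return dict(Counter(parse_filterlog_line(l).verdict for l in lines))


# Constructed sample lines (not taken from the thread): a host on the OPT1
# subnet from the post, physical interface name "em2" assumed.
SAMPLE_LINES = [
    "Jan  5 10:21:03 fw filterlog[22034]: 5,,,1000000103,em2,match,block,in,4,0x0,,64,41201,0,DF,6,tcp,60,192.168.7.105,93.184.216.34,51234,443,0,S,2811993812,,65535,,mss;nop;wscale;sackOK;TS",
    "Jan  5 10:21:04 fw filterlog[22034]: 5,,,1000000103,em2,match,block,in,4,0x0,,64,41202,0,DF,6,tcp,52,192.168.7.105,93.184.216.34,51234,443,0,A,2811993813,1749201122,4096,,nop;nop;TS",
    "Jan  5 10:21:09 fw filterlog[22034]: 5,,,1000000103,em2,match,block,in,4,0x0,,64,41250,0,DF,6,tcp,52,192.168.7.105,93.184.216.34,51234,443,0,FA,2811994001,1749201990,4096,,nop;nop;TS",
    "Jan  5 10:21:11 fw filterlog[22034]: 5,,,1000000103,em2,match,block,in,4,0x0,,64,41260,0,none,17,udp,73,192.168.7.105,192.168.7.254,51832,53,53",
    "Jan  5 10:21:12 fw filterlog[22034]: 120,,,1700000001,em2,match,pass,in,4,0x0,,64,41261,0,DF,6,tcp,60,192.168.7.105,93.184.216.34,51300,443,0,S,2811995000,,65535,,mss;nop;wscale;sackOK;TS",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        e = parse_filterlog_line(line)
        print(f"{e.iface} {e.action:5} {e.proto:4} {e.src}:{e.sport} -> {e.dst}:{e.dport} "
              f"flags={e.tcp_flags or '-':3} rule={e.tracker} => {e.verdict}")
    print(summarize(SAMPLE_LINES))
```

If most blocked entries on the new interface come back as out_of_state, the pass rule is working and the drops are stale or asymmetric sessions (typical after a rule reload, a gateway flap, or with the custom outbound NAT mentioned later in the thread); a steady stream of rule_problem verdicts for bare SYNs from the 192.168.7.0/24 subnet means the pass rule really is not matching on that interface.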

          Update:
          I rebooted the system and things got a lot worse.
          The web interface php-fpm failed to start.
          Nothing was being passed and the gateway stayed down.
          It appears the config was corrupted (the last 10 in the config backups dir).
          I have a copy of the config and once sanitized I will post it.
          Might be a few days as I am now flat out redoing last week's work (saving the config off device every hour).

          I had to restore an old backup and then reapply the last week's changes.

          The one unusual thing about the setup is that the WAN is connected on a private net of a Cisco VRF group and the WAN IPs are virtual IPs (a /29). As a result there are a few custom outbound NAT rules.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.