Deny rule applying to every additional interface despite having explicit allow rules



  • I have been using pfSense for near on ten years and I have an issue that feels like a newbie thing.
    pfSense is installed on an HP server with four NICs (2x10GbE and 4x1GbE)
    I have three interfaces in use
    one WAN
    a DMZ on a VLAN
    a LAN tagged at the switch

    This works perfectly
    However, if I configure an additional interface on one of the spare NICs,
    despite adding a firewall rule for the interface allowing all traffic out,
    I get outbound traffic blocked
    This happens whether it is a VLAN or not

    For example opt1 is configured as 192.168.7.254/24
    DHCP range is 192.168.7.100 - 192.168.7.120
    firewall rule on interface opt1 is IPv4/* source 192.168.7.0/24 dest any
    system logs (firewall) show blocked by Default deny rule IPv4 (1000000103)
    further details are @5(1000000103) block drop in log inet all label "Default deny rule IPv4"

    This is a production box and my reboot window is very limited.

    James Vodanovich


  • Rebel Alliance Global Moderator

    Post up your interface rules and your firewall log - my guess would be the blocks are out of state.

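The moderator's "out of state" guess rests on how pfSense evaluates traffic: a pass rule such as the OPT1 rule above only has to match the first packet of a flow (for TCP, the SYN, because pfSense rules are generated with `flags S/SA`), after which a state-table entry carries the rest of the connection. If that state disappears (a filter reload, asymmetric routing, a NAT change) the remaining mid-stream packets match no rule at all and fall through to the `block drop in log inet all label "Default deny rule IPv4"` entry, which is exactly the 1000000103 hit the poster sees even though the allow rule is correct. The script below is an added example, not code from the thread or from pfSense: it parses filterlog-style lines (the sample lines are constructed, the interface name `igb2` for opt1 is assumed, and the field order assumed is the documented filterlog layout: rule, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, then the IPv4 header fields, length, source, destination and the per-protocol fields) and separates default-deny hits into unmatched new connections (a SYN reached the deny rule, so the pass rule is not matching) and out-of-state packets (ACK/PSH/FIN/RST with no SYN, which only a state entry could have matched).

```python
#!/usr/bin/env python3
"""Classify "Default deny rule IPv4" hits from pfSense filterlog lines.

Added example (not from the thread).  SAMPLE_LOG is constructed; OPT1_IFACE
is an assumed real interface name.  Field order assumed (pfSense filterlog):
rule,sub-rule,anchor,tracker,interface,reason,action,direction,ip-version,
IPv4: tos,ecn,ttl,id,offset,flags,proto-id,proto-text, then length,src,dst,
TCP: sport,dport,datalen,tcpflags,seq,ack,window,urg,options
UDP: sport,dport,datalen
"""
import ipaddress
from collections import Counter

DEFAULT_DENY_V4 = "1000000103"                 # tracker id quoted by the poster
OPT1_IFACE = "igb2"                            # assumed: real NIC behind opt1
OPT1_NET = ipaddress.ip_network("192.168.7.0/24")

# Constructed lines: two mid-stream ACKs and a SYN from opt1 hosts, a UDP DNS
# query from opt1, and a reply arriving on WAN (igb0) for a lost NAT state.
SAMPLE_LOG = """\
5,,,1000000103,igb2,match,block,in,4,0x0,,64,40001,0,DF,6,tcp,52,192.168.7.100,93.184.216.34,51022,443,0,A,100,200,1024,,
5,,,1000000103,igb2,match,block,in,4,0x0,,64,40002,0,DF,6,tcp,52,192.168.7.100,93.184.216.34,51022,443,0,PA,101,200,1024,,
5,,,1000000103,igb2,match,block,in,4,0x0,,64,40003,0,DF,6,tcp,60,192.168.7.101,93.184.216.34,51100,443,0,S,500,0,65535,,mss
5,,,1000000103,igb2,match,block,in,4,0x0,,64,40004,0,none,17,udp,76,192.168.7.102,1.1.1.1,50123,53,56
5,,,1000000103,igb0,match,block,in,4,0x0,,53,7,0,DF,6,tcp,52,93.184.216.34,203.0.113.9,443,51022,0,A,200,101,1024,,
"""


def parse_line(line):
    """Return a dict for an IPv4 filterlog entry, or None for anything else."""
    f = line.rstrip("\n").split(",")
    if len(f) < 20 or f[8] != "4":
        return None                            # IPv6 has a different layout; skipped
    rec = {
        "rule": f[0], "tracker": f[3], "iface": f[4], "action": f[6],
        "direction": f[7], "proto": f[16], "src": f[18], "dst": f[19],
    }
    if rec["proto"] in ("tcp", "udp") and len(f) >= 23:
        rec["sport"], rec["dport"] = f[20], f[21]
    if rec["proto"] == "tcp" and len(f) >= 24:
        rec["tcp_flags"] = f[23]               # e.g. "S", "A", "PA", "FA", "R"
    return rec


def classify(rec):
    """Label a default-deny hit by what it says about the rule set."""
    if rec["action"] != "block" or rec["tracker"] != DEFAULT_DENY_V4:
        return "other"
    if rec["proto"] == "tcp":
        flags = rec.get("tcp_flags", "")
        if "S" in flags and "A" not in flags:
            # A bare SYN reached the default deny: no pass rule matched it.
            return "unmatched-new-connection"
        # ACK/PSH/FIN/RST (or SYN+ACK reply) with no state entry: rules with
        # flags S/SA can never match these, only the state table could have.
        return "out-of-state"
    # UDP/ICMP carry no handshake flags; a packet from the opt1 subnet entering
    # on opt1 should have matched the pass rule, so treat it as unmatched.
    src = ipaddress.ip_address(rec["src"])
    if rec["direction"] == "in" and rec["iface"] == OPT1_IFACE and src in OPT1_NET:
        return "unmatched-new-connection"
    return "indeterminate"


def summarize(log_text):
    """Count (interface, classification) pairs across a block of log lines."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            counts[(rec["iface"], classify(rec))] += 1
    return counts


def diagnose(counts, iface=OPT1_IFACE):
    """Turn the counts for one interface into a next step for the operator."""
    new = counts[(iface, "unmatched-new-connection")]
    oos = counts[(iface, "out-of-state")]
    if new:
        return ("pass rule not matching: check the rule's interface, direction, "
                "protocol and source on " + iface)
    if oos:
        return ("pass rule is matching; states are being lost (look for filter "
                "reloads, asymmetric routing or NAT changes)")
    return "no default-deny hits on " + iface


if __name__ == "__main__":
    c = summarize(SAMPLE_LOG)
    for key in sorted(c):
        print(f"{key[0]:6} {key[1]:26} {c[key]}")
    print(diagnose(c))
```

On a live box the same lines come from `clog /var/log/filter.log` (or the plain file on newer releases), with the syslog prefix stripped before the first comma-separated field; an interface whose default-deny hits are all out-of-state has a working rule and a state problem, while any SYN among them means the rule itself never matched.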


  • Update
    I rebooted the system and things got a lot worse.
    The web interface's php-fpm failed to start.
    Nothing was being passed and the gateway stayed down.
    It appears the config was corrupted (the last 10 in the config backups dir).
    I have a copy of the config and once sanitized I will post it.
    Might be a few days as I am now flat out redoing last week's work (saving the config off device every hour).

    I had to restore an old backup and then reapply the last week's changes.

    The one unusual thing about the setup is that the WAN is connected on a private net of a Cisco VRF group and the WAN IPs are virtual IPs (a /29). As a result there are a few custom outbound NAT rules.


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy