Deny rule applying to every additional interface despite having explicit allow rules
-
I have been using pfSense for near on ten years and I have this issue that feels like a newbie thing.
pfSense is installed on an HP server with four NICs (2x10GbE and 4x1GbE).
I have three interfaces in use:
one WAN
a DMZ on a VLAN
a LAN tagged at the switch
This works perfectly.
However, if I configure an additional interface on one of the spare NICs, despite adding a firewall rule for the interface allowing all traffic out, I get outbound traffic blocked.
This happens whether it is a VLAN or not. For example, opt1 is configured as 192.168.7.254/24
DHCP range is 192.168.7.100 - 192.168.7.120
firewall rule on interface opt1 is IPv4/* source 192.168.7.0/24 dest any
system logs > firewall shows blocked by Default deny rule IPv4 (1000000103)
further details are @5(1000000103) block drop in log inet all label "Default deny rule IPv4"
This is a production box and my reboot window is very limited.
James Vodanovich
-
post up your interface rules and your firewall log - my guess would be blocks are out of state.
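As an added example (not part of this thread, and not pfSense's own code), here is a small Python script that does what the reply above suggests checking by hand: it parses pfSense filterlog lines and sorts default-deny blocks into out-of-state packets (ACK/PSH/FIN/RST with no matching state) versus blocked new connections (a bare SYN hitting the deny). The sample log lines are constructed; the interface names igb3/igb4, hosts and timestamps are made up, and only the tracker id 1000000103 comes from the log entry quoted in the thread. The CSV field order follows pfSense's documented filterlog layout; only IPv4 lines are handled.

```python
"""Classify pfSense filterlog default-deny blocks as out-of-state or not.

The CSV part of each line follows the documented pfSense filterlog layout:
rule number, sub-rule, anchor, tracker id, interface, reason, action,
direction, IP version, then (IPv4) tos, ecn, ttl, id, offset, flags,
protocol id, protocol text, length, src, dst, then (TCP) src port,
dst port, data length, TCP flags, seq, ack, window, urg, options.
"""
import re
from collections import Counter

# Tracker id of the IPv4 default deny rule, as seen in the thread's log entry.
DEFAULT_DENY_V4 = "1000000103"

# Constructed sample lines (not from the original post). Interface names,
# hosts and timestamps are made up; only the tracker id comes from the thread.
SAMPLE_LOG = """\
Dec 10 13:15:48 pfSense filterlog[5041]: 5,,,1000000103,igb3,match,block,in,4,0x0,,64,4321,0,DF,6,tcp,52,192.168.7.101,93.184.216.34,51234,443,0,A,1234567,7654321,501,,
Dec 10 13:15:49 pfSense filterlog[5041]: 5,,,1000000103,igb3,match,block,in,4,0x0,,64,4322,0,DF,6,tcp,52,192.168.7.101,93.184.216.34,51234,443,0,PA,1234567,7654321,501,,
Dec 10 13:15:50 pfSense filterlog[5041]: 5,,,1000000103,igb4,match,block,in,4,0x0,,64,4323,0,DF,6,tcp,60,192.168.8.102,93.184.216.34,51300,443,0,S,99,0,65535,,mss
Dec 10 13:15:51 pfSense filterlog[5041]: 5,,,1000000103,igb4,match,block,in,4,0x0,,64,4324,0,none,17,udp,60,192.168.8.103,1.1.1.1,50000,53,40
Dec 10 13:15:52 pfSense filterlog[5041]: 99,,,1600000000,igb3,match,pass,in,4,0x0,,64,4325,0,DF,6,tcp,60,192.168.7.104,93.184.216.34,51301,443,0,S,100,0,65535,,mss
"""

FILTERLOG_RE = re.compile(r"filterlog\[\d+\]: (?P<csv>.*)$")


def parse_filterlog_line(line):
    """Return the fields we care about, or None if not an IPv4 filterlog line."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 20 or f[8] != "4":
        return None  # only IPv4 handled here; IPv6 uses a different header layout
    rec = {
        "rulenr": f[0], "tracker": f[3], "iface": f[4], "reason": f[5],
        "action": f[6], "dir": f[7], "proto": f[16], "src": f[18], "dst": f[19],
    }
    rest = f[20:]  # transport-layer fields
    if rec["proto"] in ("tcp", "udp") and len(rest) >= 2:
        rec["sport"], rec["dport"] = rest[0], rest[1]
    if rec["proto"] == "tcp" and len(rest) >= 4:
        rec["tcp_flags"] = rest[3]
    return rec


def classify_block(rec):
    """Say why a packet most likely fell through to a block rule.

    pf is stateful: the per-interface pass rule only has to match the first
    packet (the SYN); a state entry then carries the rest of the flow. A
    blocked ACK/PSH/FIN/RST with no matching state never reaches that pass
    rule, so such blocks say nothing about whether the rule itself is right.
    """
    if rec["proto"] != "tcp":
        return "no-tcp-flags"  # UDP/ICMP: cannot tell from the log line alone
    if rec.get("tcp_flags", "") == "S":
        return "new-connection-blocked"  # fresh SYN hit the deny: pass rule did not match
    return "out-of-state"  # A, PA, FA, R, SA ...: no state existed for this flow


def summarize(log_text):
    """Count blocked packets per (interface, tracker id, classification)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_filterlog_line(line)
        if rec and rec["action"] == "block":
            counts[(rec["iface"], rec["tracker"], classify_block(rec))] += 1
    return counts


def verdict(counts, iface, tracker=DEFAULT_DENY_V4):
    """Turn the counts for one interface into the next question to ask."""
    syn = counts[(iface, tracker, "new-connection-blocked")]
    stale = counts[(iface, tracker, "out-of-state")]
    if syn:
        return "pass rule is not matching new connections: check interface, source net and rule order"
    if stale:
        return "only out-of-state packets are blocked: the pass rule is fine, look for asymmetric routing or state loss"
    return "no default-deny blocks on this interface"


if __name__ == "__main__":
    c = summarize(SAMPLE_LOG)
    for key, n in sorted(c.items()):
        print(n, key)
    for iface in ("igb3", "igb4"):
        print(iface, "->", verdict(c, iface))
```

Feed it the raw filter log lines for the OPT interface: if the pass rule were not matching at all you would expect bare-SYN blocks from the 192.168.7.0/24 clients, whereas blocks showing only A/PA/FA flags point at missing state rather than a wrong rule.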
-
update
I rebooted the system and things got a lot worse.
The web interface php-fpm failed to start.
Nothing was being passed and the gateway stayed down.
It appears a corrupted config (the last 10 in the config backups dir).
I have a copy of the config and once sanitized I will post.
Might be a few days as I am now flat out redoing last week's work (saving the config off device every hour). I had to restore an old backup and then reapply the last week's changes.
The one unusual thing about the setup is the WAN is connected on a private net of a Cisco VRF group and the WAN IPs are virtual IPs (a /29). As a result there are a few custom outbound NAT rules.