Deny rule applying to every additional interface despite having explicit allow rules

  • I have been using pfSense for near on ten years and I have an issue that feels like a newbie thing.
    pfSense is installed on a HP server with four nics (2x10gbe and 4x1gbe)
    I have three interfaces in use
    one WAN
    a DMZ on a VLAN
    a LAN tagged at the switch

    This works perfectly
    However if I configure an additional interface on one of the spare nics
    Despite adding a firewall rule for the interface allowing all traffic out
    I get outbound traffic blocked
    This happens whether it is a vlan or not

    For example opt1 is configured
    dhcp range is -
    firewall rule on interface opt1 is IPv4/* source dest any
    system logs firewall shows blocked by Default deny rule IPv4 (1000000103)
    further details are @5(1000000103) block drop in log inet all label "Default deny rule IPv4"

    This is a production box and my reboot window is very limited.

    James Vodanovich

  • LAYER 8 Global Moderator

    Post up your interface rules and your firewall log - my guess would be blocks are out of state.
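One way to check the moderator's "out of state" guess before posting the log, as an added example that is not part of the thread: split pfSense filterlog entries for the Default deny tracker (1000000103) into new-connection blocks (pure SYN, so no pass rule matched) and mid-connection blocks (ACK/PSH/FIN with no state, typical of asymmetric routing or expired states). The sample lines are constructed, and the assumed field order is the pfSense filterlog CSV layout for IPv4/TCP.

```python
"""Classify pfSense 'Default deny rule IPv4' log entries as out-of-state or new-connection blocks."""
from collections import Counter

DEFAULT_DENY_V4_TRACKER = "1000000103"  # tracker id quoted in the question

# Constructed sample lines (hypothetical, not from the thread). Assumed field order
# (pfSense filterlog, IPv4/TCP): rulenr,subrulenr,anchor,tracker,iface,reason,action,
# dir,ipver,tos,ecn,ttl,id,offset,flags,protoid,proto,length,src,dst,sport,dport,
# datalen,tcpflags,seq,ack,window,urg,options
SAMPLE_LOG = """\
5,,,1000000103,igb2,match,block,in,4,0x0,,64,21345,0,DF,6,tcp,52,192.0.2.20,203.0.113.9,51234,443,0,A,1832044105,2200300411,501,,nop;nop;TS
5,,,1000000103,igb2,match,block,in,4,0x0,,64,21346,0,DF,6,tcp,52,192.0.2.20,203.0.113.9,51234,443,0,PA,1832044105,2200300411,501,,nop;nop;TS
5,,,1000000103,igb2,match,block,in,4,0x0,,64,9001,0,DF,6,tcp,60,192.0.2.21,198.51.100.5,40022,22,0,S,11111,0,64240,,mss
5,,,1000000103,igb2,match,block,in,4,0x0,,64,9002,0,DF,6,tcp,40,192.0.2.22,198.51.100.5,40023,80,0,FA,22222,33333,0,,
"""


def parse_entry(line):
    """Return a dict for a TCP block entry, or None for anything else."""
    f = line.split(",")
    if len(f) < 24 or f[6] != "block" or f[16] != "tcp":
        return None
    flags = f[23]
    return {
        "tracker": f[3], "iface": f[4], "dir": f[7],
        "src": f"{f[18]}:{f[20]}", "dst": f"{f[19]}:{f[21]}", "tcpflags": flags,
        # A bare SYN is a genuine new connection that no pass rule matched; anything
        # carrying ACK (or lacking SYN) is a packet the state table did not know about.
        "out_of_state": "S" not in flags or "A" in flags,
    }


def summarize(log_text, tracker=DEFAULT_DENY_V4_TRACKER):
    """Count default-deny blocks by kind and tally the flows blocked out of state."""
    kinds, flows = Counter(), Counter()
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None or e["tracker"] != tracker:
            continue
        if e["out_of_state"]:
            kinds["out_of_state"] += 1
            flows[(e["iface"], e["src"], e["dst"])] += 1
        else:
            kinds["new_connection"] += 1
    return dict(kinds), flows


if __name__ == "__main__":
    kinds, flows = summarize(SAMPLE_LOG)
    print(kinds)
    for (iface, src, dst), n in flows.most_common():
        print(f"{iface}: {src} -> {dst} blocked out of state {n}x")
```

If nearly every hit is out of state while the pass rule is present, look at routing symmetry and state handling on the new interface rather than at the rule; if the hits are pure SYNs, the pass rule is not matching at all.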

  • update
    I rebooted the system and things got a lot worse
    The web interface php-fpm failed to start
    Nothing was being passed and the gateway stayed down.
    It appears a corrupted conflicted (the last 10 in the config backups dir)
    I have a copy of the config and once sanitized I will post.
    Might be a few days as I am now flat out redoing last week's work (saving the config off device every hour)

    I had to restore an old backup and then reapply the last week's changes.

    The one unusual thing about the setup is the WAN is connected on a private net of a Cisco VRF group and the WAN IPs are virtual IPs (a /29). As a result there are a few custom outbound NAT rules

