<![CDATA[Tags not working, gateway down but pfsense still sending traffic over it... firewall basically not working]]>Hi,

I'm struggling with getting the firewall part of pfsense to working anywhere half decent.

Problem 1:
I'm routing all traffic from 192.168.0.15 over a vpn so I made the following rule. However on disabling the gateway and checking my wan IP form that client, it somehow still shows the vpn IP. How is this even possible? No traffic should be possible if the GW is down.
0_1550487623309_114e309f-3fab-417a-ac3b-53a685a2ff51-image.png

Problem 2:
Looking at the above screenshot, the 192.168.0.15 block GW_WAN rule doesn't work.

Problem 3:
Tagging doesn't work either. In the above 192.168.0.5 rule set NO_WAN_EGRESS as the tag. Created a floating rule blocking traffic with NO_WAN_EGRESS in the tag but all that does is block ALL traffic.
0_1550488003973_c97389f8-8057-44b3-8834-874fe5707a49-image.png
0_1550488013696_3d7f5654-0417-4282-a660-87c5ec75af37-image.png
0_1550488019615_a2725ccb-16c0-4222-a6cd-33d749eee7d6-image.png

So basically pfsense ignores the state of gateways and firewall rules. I'm sure I'm doing something wrong but makes no freaking sense at all.

]]>https://forum.netgate.com/topic/140715/tags-not-working-gateway-down-but-pfsense-still-sending-traffic-over-it-firewall-basically-not-workingRSS for NodeFri, 15 May 2026 20:36:24 GMTMon, 18 Feb 2019 11:08:06 GMT60<![CDATA[Reply to Tags not working, gateway down but pfsense still sending traffic over it... firewall basically not working on Mon, 18 Feb 2019 12:57:59 GMT]]>@johnpoz Thanks, that was the problem. Did a few quick tests with that setting enabled and now everything appears to be working as intended.

]]>https://forum.netgate.com/post/824695https://forum.netgate.com/post/824695Mon, 18 Feb 2019 12:57:59 GMT<![CDATA[Reply to Tags not working, gateway down but pfsense still sending traffic over it... firewall basically not working on Mon, 18 Feb 2019 11:19:43 GMT]]>@dutchsamurai said in Tags not working, gateway down but pfsense still sending traffic over it... firewall basically not working:

it somehow still shows the vpn IP.

You pulled routes from your vpn service.. If you want to policy route, you should not pull routes from your vpn service.. Click this in your vpn client setup

0_1550488513398_pullroutes.png

Now you can policy route.

Also once a state is made, you would have to flush the state(s)... States are evaluated before rules.. Yup highly suggest you read up the links provided by Grimson.

]]>https://forum.netgate.com/post/824677https://forum.netgate.com/post/824677Mon, 18 Feb 2019 11:19:43 GMT<![CDATA[Reply to Tags not working, gateway down but pfsense still sending traffic over it... firewall basically not working on Mon, 18 Feb 2019 11:15:57 GMT]]>Re-read: https://docs.netgate.com/pfsense/en/latest/book/firewall/index.html and https://docs.netgate.com/pfsense/en/latest/book/openvpn/index.html it will hopefully open your eyes.

]]>https://forum.netgate.com/post/824676https://forum.netgate.com/post/824676Mon, 18 Feb 2019 11:15:57 GMT