Tags not working, gateway down but pfSense still sending traffic over it... firewall basically not working
I'm struggling with getting the firewall part of pfSense to work anywhere half decently.
I'm routing all traffic from 192.168.0.15 over a VPN, so I made the following rule. However, on disabling the gateway and checking my WAN IP from that client, it somehow still shows the VPN IP. How is this even possible? No traffic should be possible if the GW is down.
Looking at the above screenshot, the 192.168.0.15 block GW_WAN rule doesn't work.
Tagging doesn't work either. In the above 192.168.0.5 rule I set NO_WAN_EGRESS as the tag. I created a floating rule blocking traffic with NO_WAN_EGRESS in the tag, but all that does is block ALL traffic.
So basically pfSense ignores the state of gateways and firewall rules. I'm sure I'm doing something wrong, but it makes no freaking sense at all.
Grimson:
Re-read https://docs.netgate.com/pfsense/en/latest/book/firewall/index.html and https://docs.netgate.com/pfsense/en/latest/book/openvpn/index.html; it will hopefully open your eyes.
"it somehow still shows the vpn IP."
You pulled routes from your VPN service. If you want to policy route, you should not pull routes from your VPN service. Click this in your VPN client setup.
Now you can policy route.
Also, once a state is made, you would have to flush the state(s). States are evaluated before rules. Yup, I highly suggest you read up on the links provided by Grimson.
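As an added illustration (not code from this thread and not output generated by pfSense), here is the OpenVPN client option that the "Don't pull routes" checkbox corresponds to, together with a hand-written pf.conf sketch of the policy-routing and tagging rules the thread is discussing. Interface names (em0 = WAN, em1 = LAN, ovpnc1 = the OpenVPN client tunnel) and the gateway address 10.8.0.1 are assumptions:

```conf
# Added example, not from the thread or from pfSense. Assumed names:
#   em0     = WAN interface
#   em1     = LAN interface
#   ovpnc1  = OpenVPN client tunnel interface
#   10.8.0.1 = VPN-side gateway address for that tunnel

# --- OpenVPN client configuration -------------------------------------------
# Equivalent of the "Don't pull routes" checkbox in the pfSense OpenVPN client.
# Without it, routes pushed by the VPN provider (e.g. redirect-gateway) land in
# the system routing table and the default route itself points into the tunnel,
# so every host ends up with the VPN IP regardless of the firewall rules.
route-nopull

# --- pf rules ---------------------------------------------------------------
# pf looks up an existing state before it evaluates any rule, so a state
# created while the old ruleset was active keeps its original path until it is
# flushed:   pfctl -k 192.168.0.15        (kill states from that source)
#            pfctl -s states | grep 192.168.0.15   (verify none remain)

# 1. Policy-route only the one client into the tunnel, and tag the state so
#    later rules can recognise its traffic.
pass in quick on em1 inet from 192.168.0.15 to any \
    route-to (ovpnc1 10.8.0.1) tag NO_WAN_EGRESS keep state

# 2. Floating rule: match only the tagged traffic, only in the out direction,
#    only on the WAN interface. Scoping it this narrowly is what keeps it from
#    affecting anything other than the tunnelled client's WAN egress.
block out quick on em0 tagged NO_WAN_EGRESS

# 3. The rest of the LAN keeps using the default (WAN) route.
pass in quick on em1 inet from 192.168.0.0/24 to any keep state
```

One caveat worth knowing alongside the above: by default, when the gateway named in a policy-routing rule is marked down, pfSense drops the gateway from that rule and the matching traffic follows the default route instead of being blocked; the "Skip rules when gateway is down" option under System > Advanced > Miscellaneous changes that so the rule is omitted entirely, which is the behaviour a "no WAN egress for this host" setup usually wants.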
@johnpoz Thanks, that was the problem. Did a few quick tests with that setting enabled and now everything appears to be working as intended.