Netgate Discussion Forum

    GUI Diagnostics Ping not blocking

    Firewalling
    4 Posts 2 Posters 189 Views
    softcoder
      last edited by

      Hello, I created a firewall rule to block all traffic from LAN2 to LAN1. When I use computers on LAN2 they indeed get ping timeouts and cannot visit HTTP on LAN1, but when I use the web GUI's Diagnostics -> Ping feature to ping a specific IP on LAN1 and use the LAN2 interface as the source, the pings work and do not time out. Why is that?

      viragomann
        last edited by viragomann

        The firewall rule is applied to incoming packets on the particular interface, but not to packets from pfSense itself.
        I.e. the ping option is not meant for testing rules.

        softcoder
          last edited by

          The documentation for example says:

          Source Address: The IP address from which the ping will be sent. This is especially important when testing LAN-to-LAN VPN connectivity.

          Therefore I don't see how this is different from trying to test block rules?

          viragomann
            last edited by

            https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-basics.html?highlight=firewall%20rule%20basics
            Check out the very first sentence.

            Pings from pfSense itself do not enter an interface.

            The source address is part of every IP packet. It may be set to the LAN address or whatever, but the ping comes from pfSense itself and doesn't enter an interface.
            That function is meant for diagnosing network problems, not for testing firewall rules.

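A small model of the behaviour viragomann describes, added here as an illustration and not code from pfSense or from anyone in this thread. It mimics how pf consults interface-bound rules: a rule in the "in" direction is only evaluated when a packet arrives on that interface, so a packet pfSense generates itself (which has no ingress interface, only an egress one) never meets the LAN2 block rule even when its source address is the LAN2 address. The interface names em0/em1, the subnets, the ruleset, first-match ("quick") evaluation and the pf default of pass when nothing matches are all assumptions of this toy; pfSense's automatically generated rules are not modelled.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed topology (assumption, not taken from the thread):
#   LAN1 = em0, 192.168.1.0/24, pfSense address 192.168.1.1
#   LAN2 = em1, 192.168.2.0/24, pfSense address 192.168.2.1
LAN1, LAN2 = "em0", "em1"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ingress: Optional[str]  # interface the packet arrived on; None = generated by pfSense itself
    egress: str             # interface the packet is routed out of


@dataclass(frozen=True)
class Rule:
    action: str             # "block" or "pass"
    direction: str          # "in" or "out"
    iface: Optional[str]    # bound interface; None = any interface (a floating rule)
    src_net: str
    dst_net: str
    label: str


def rule_matches(rule: Rule, pkt: Packet, direction: str) -> bool:
    """A rule is consulted only in its own direction, on the interface the packet
    crosses in that direction. A locally generated packet has no ingress interface,
    so no "in" rule can ever match it, whatever source address it carries."""
    if rule.direction != direction:
        return False
    iface = pkt.ingress if direction == "in" else pkt.egress
    if iface is None:
        return False
    if rule.iface is not None and rule.iface != iface:
        return False
    return (ip_address(pkt.src) in ip_network(rule.src_net)
            and ip_address(pkt.dst) in ip_network(rule.dst_net))


def filter_packet(rules: list[Rule], pkt: Packet) -> tuple[str, str]:
    """Evaluate the packet at ingress (if it has one), then at egress; first match
    wins, as pfSense GUI rules are 'quick'. With no match pf's default is pass
    (pfSense's trailing 'block all' default rule is deliberately left out here)."""
    for direction in ("in", "out"):
        if direction == "in" and pkt.ingress is None:
            continue  # firewall-originated packet: there is no ingress pass to run
        for rule in rules:
            if rule_matches(rule, pkt, direction):
                return rule.action, rule.label
    return "pass", "no rule matched"


# What the LAN2-tab rule in the thread amounts to: block in on LAN2, LAN2 net -> LAN1 net.
LAN2_BLOCK = Rule("block", "in", LAN2, "192.168.2.0/24", "192.168.1.0/24",
                  "LAN2 tab: block LAN2->LAN1")
# A floating rule in the out direction on LAN1 is evaluated as packets leave LAN1,
# which is the only interface a Diagnostics > Ping packet ever crosses.
FLOATING_OUT = Rule("block", "out", LAN1, "192.168.2.0/24", "192.168.1.0/24",
                    "floating: block out on LAN1")


def host_ping() -> Packet:
    """Echo request from a host on LAN2: enters em1, leaves em0."""
    return Packet("192.168.2.50", "192.168.1.10", ingress=LAN2, egress=LAN1)


def diagnostics_ping() -> Packet:
    """Diagnostics > Ping with source LAN2: source address is pfSense's LAN2
    address, but the packet originates inside the firewall and only leaves via em0."""
    return Packet("192.168.2.1", "192.168.1.10", ingress=None, egress=LAN1)


def demo() -> dict[str, str]:
    return {
        "host ping, LAN2 rule only": filter_packet([LAN2_BLOCK], host_ping())[0],
        "diag ping, LAN2 rule only": filter_packet([LAN2_BLOCK], diagnostics_ping())[0],
        "diag ping, plus floating out": filter_packet([LAN2_BLOCK, FLOATING_OUT], diagnostics_ping())[0],
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:30} -> {verdict}")
```

On a real pfSense box the same thing can be observed directly: run `tcpdump -ni em1 icmp` on the LAN2 interface and `tcpdump -ni em0 icmp` on LAN1 while issuing the Diagnostics > Ping (interface names assumed); the echo requests show up only on the LAN1 capture, and `pfctl -vvsr` shows the LAN2 block rule's evaluation counter not moving. Whether a floating out rule actually fires against firewall-originated traffic depends on the automatic rules pfSense places ahead of it, so check the loaded ruleset with `pfctl -sr` before relying on that; the only faithful test of the LAN2 rule remains a host that is really on LAN2.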
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.