Firewall state created against loopback when PPPoE down
My pfSense connects to my ISP with PPPoE. If the PPPoE goes down, outbound traffic gets state created via the loopback interface. I have gateway monitoring on & 'flush all states when a gateway goes down'. The problem is that null4 becomes the 'default route', resulting in outbound traffic going to loopback & firewall state being created. My ATA keeps retrying, but because it's the same 'session' - it never times out from the firewall state - I need to manually delete the state created via loopback to get my ATA back online.
Is there a way to 'discard' traffic when there is no real default gateway? Or can I configure the firewall to not create state when traffic is going to null4?
You can get around that with the following workaround:
- Create a reject non-quick floating rule that is fairly specific to the traffic in question. On this rule, do not select any interfaces.
- Create a second pass non-quick floating rule that passes the same traffic. This time, select the WAN interfaces, and set the direction to "out".
This should prevent states from being created on the loopback interfaces, as the reject rule matches all (including loopback interfaces), and the pass rule overrides the reject rule only for the given WAN interfaces.
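For readers who want to see why the two-rule ordering works, here is the equivalent of those floating rules in raw pf syntax. This is an added illustration, not configuration from the thread or from pfSense itself; the ATA address 192.0.2.10, the SIP port 5060/udp and the WAN interface name pppoe0 are assumed placeholders. Both rules are non-quick, so pf applies last-match-wins: on lo0 only the reject rule matches and no state is created, while on the WAN the later pass rule is the final match.

```pf
# Added example (not from the thread). Assumed values: ATA at 192.0.2.10,
# SIP signalling on udp/5060, PPPoE WAN interface pppoe0.

# Floating rule 1: reject, no interface selected, not "quick".
# Matches the ATA's outbound SIP on every interface, including lo0 when
# the null4 route has become the default. Without "quick" it is not final.
block return out proto udp from 192.0.2.10 to any port 5060

# Floating rule 2: pass, interface = WAN (pppoe0), direction = out, not "quick".
# When PPPoE is up the traffic leaves via pppoe0, this rule is the last
# match, so it wins and a state is created on the real WAN interface.
pass out on pppoe0 proto udp from 192.0.2.10 to any port 5060 keep state

# Result while PPPoE is down: traffic routed to lo0 only matches rule 1,
# is rejected, and no stale loopback state is left behind for the ATA.
```

To verify the behaviour on pfSense, pull the PPPoE link, let the ATA retry, and confirm with Diagnostics > States (or `pfctl -ss` from a shell) that no entry appears for the ATA on lo0; once PPPoE returns, the state should show up on the pppoe interface instead.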