firewall rule not being applied



  • Hello,

I have a router that has network 10.21.30.0/24. My pfSense has two physical interfaces, WAN (public IP) and LAN.
    My LAN is a trunk port to my internal network. My native VLAN is VLAN 30, which is in the 10.21.30.0/24 network.
    I have two other networks:
    10.21.20.0/24 VLAN 20
    10.21.21.0/24 VLAN 21

I don't want any networks talking to each other, especially from the firewall to the router. So both VLAN 20 and 21 should be isolated, with only access to the internet.

pfSense has the following private IPs assigned to it:
    10.21.30.10
    10.21.20.1
    10.21.21.1

    I am able to ping from the 10.21.20.0 network to the host 10.21.30.3. When I do a tcpdump I see the pings coming from 10.21.30.10.

1. Not really sure why pfSense is sending traffic out that interface when the only GW on the firewall is the WAN; all other interfaces do not have a GW.
    2. When I apply the rule below I am still able to ping the host.
      On the interface associated with VLAN 20 I have: block source 10.21.20.0/24 any 10.21.30.0/24
    3. I apply the changes and save them.

    Any idea what I am doing wrong?



  • @mrjoli021 said in firewall rule not being applied:

    I am able to ping from the 10.21.20.0 network to the host 10.21.30.3. When I do a tcpdump I see the pings coming from 10.21.30.10.

1. Not really sure why pfSense is sending traffic out that interface when the only GW on the firewall is the WAN; all other interfaces do not have a GW.
    2. When I apply the rule below I am still able to ping the host.
      On the interface associated with VLAN 20 I have: block source 10.21.20.0/24 any 10.21.30.0/24

    1. You don't need a route for a directly connected interface.
    2. Is the rule specifying protocol icmp or any? Is the rule at the top of the list on the Interface? Did you clear states before testing the ping again?


  • I did not realize I had to stop the ping and start it again. I thought that once I applied the rule it would automatically kill all sessions. Once I stopped the ping and started it again the rule worked. Is there a way to kill all sessions that the rule applies to?

    Thanks



  • It doesn't do it automatically. You can go to diagnostics, states and clear them there.
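As an added check, not code from this thread or from pfSense: a script that parses `pfctl -ss` output (the same state table that Diagnostics > States shows) and lists the states a new block rule will not interrupt until they are cleared, together with the `pfctl -k src -k dst` call that removes them. The state lines are constructed samples using the thread's addresses, and the `(pre-NAT address)` form is an assumption about how pf prints translated states.

```python
import ipaddress
import re

# Constructed `pfctl -ss` lines: interface, protocol, source, optional
# "(pre-NAT address)", arrow, destination, state names. Hosts/ports are made up.
SAMPLE_STATES = """\
vlan20 icmp 10.21.20.15:1 -> 10.21.30.3:1       0:0
vlan30 icmp 10.21.30.10:1 (10.21.20.15:1) -> 10.21.30.3:1       0:0
vlan20 tcp 10.21.20.15:51234 -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
vlan21 icmp 10.21.21.7:1 -> 10.21.30.3:1       0:0
"""

STATE_RE = re.compile(
    r"^(?P<ifn>\S+)\s+(?P<proto>\S+)\s+(?P<a>\S+)(?:\s+\((?P<a_orig>\S+)\))?"
    r"\s+(?P<arrow>->|<-)\s+(?P<b>\S+)(?:\s+\((?P<b_orig>\S+)\))?\s+(?P<st>\S+)"
)

def _addr(endpoint):
    """Drop the :port suffix (and IPv6 brackets) and return an ip_address."""
    host, _, _ = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]"))

def parse_states(text):
    """Turn pfctl -ss lines into dicts keyed by the original (pre-NAT) source."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if not m:
            continue
        a = m["a_orig"] or m["a"]  # prefer the pre-NAT address when shown
        b = m["b_orig"] or m["b"]
        # pf prints outbound states as "src -> dst" and inbound ones as "dst <- src".
        src, dst = (a, b) if m["arrow"] == "->" else (b, a)
        states.append({"if": m["ifn"], "proto": m["proto"],
                       "src": _addr(src), "dst": _addr(dst), "state": m["st"]})
    return states

def surviving_states(text, src_net, dst_net, proto=None):
    """States that a new block rule for src_net -> dst_net will NOT stop."""
    src_net, dst_net = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    return [s for s in parse_states(text)
            if s["src"] in src_net and s["dst"] in dst_net
            and (proto is None or s["proto"] == proto)]

def kill_command(src_net, dst_net):
    """The pfctl invocation equivalent to clearing those states in the GUI."""
    return ["pfctl", "-k", str(ipaddress.ip_network(src_net)),
            "-k", str(ipaddress.ip_network(dst_net))]
```

Run it on real `pfctl -ss` output after applying the rule; any state it lists is one the block rule will not touch until it is cleared.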



  • Thanks,

    It was driving me crazy.

