let out anything IPv4 from firewall host itself source is foreign ip


  • I have set up a pfsense with some firewall rules to allow my servers access to a pfsense lab and to block all other IPs. However, I am seeing some foreign IPs being allowed to my servers, with the log being "let out anything IPv4 from firewall host itself". I am also seeing my servers being allowed to access these foreign IPs. The rules I set up only allow my IPs in. Does this mean that they have logged into the pfsense? Should I be worried that the pfsense is compromised? I cannot find any information on how to remove this default rule.

    version 2.4.5-RELEASE-p1

    Thank you


  • @kevin-chan-aebc If you have the WAN port of your pfsense box on the actual internet, and you have basic pass rules on your WAN interface, then yes, machines out on the internet can get in. If you have done none of this, pfsense itself is set up "out of the box" to NOT pass any traffic through from the WAN (internet).

    You say in your post "access to a pfsense lab". Is this pfsense box already behind a router? If so, and you don't have WAN rules set, still nothing gets in.

    What would be helpful is if you took a screenshot of your pfsense WAN firewall rules and gave a brief description of how your network(s) are set up.

    Jeff

  • LAYER 8 Global Moderator

    And the firewall entries you're actually seeing.

    Also, pfsense can talk to anything it wants to. Are you using a proxy? If so, pfsense would be doing the talking, not your client behind it asking the proxy to go to xyz.