Netgate Discussion Forum

    Changing physical interface definition - And firewall rules

    General pfSense Questions
    • bingo600

      I found a mistake in my interface config today.
      I have just put a VLAN interface with some rules applied in production, and was wondering why it didn't work (dhcp).

      After a bit of debugging I saw that my interface was set to IGB1, instead of VLAN-xxx on IGB1.
      No worries, I thought, I'll just switch to the correct VLAN on the interface definition.

      Well it worked ... kinda'.

      The client got the correct dhcp addr, and I was told that "Internet" worked (could go to google).

      But I saw a lot of denies on the interface, on packets I had permitted in the interface rules (when it was assigned to the old - wrong interface).

      My suspicion is that even though I switched the interface from IGB1 to VLAN-xxx on IGB1 (think it was opt7), the rules might still have been applied to IGB1. Could that be correct?

      What I have done now is that I have edited every rule on the "New interface", changing nothing, just pressing save, in the hope that it would update the interface to the newly selected one.

      I see no blocks of permitted packets anymore, all seems good.

      But is this "edit/save" the way to do this, or should I delete all rules and recreate them?

      I'm primarily wondering if something is messed up by me switching interface (number) on the fly, and just "touching" the rules.

      Any reassurance or tips are welcome.

      /Bingo

      If you find my answer useful - Please give the post a 👍 - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

      • stephenw10 (Netgate Administrator)

        You shouldn't have to do that. The firewall rules in the config are created against 'opt7'. You can change what opt7 is assigned as and the rules will follow it.
        It's a big change, you might find some things that are not updated or at least not immediately. You will probably have states open on the old assignment for example.
        Resaving things on that interface will regenerate any config and correct anything still using the old interface assignment as you found.

        If you rebooted it should all come up correctly, that's not always possible of course.

        Steve
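
One way to check the point made in the reply above, added here as an example (not code from either poster or from Netgate): compare the interface each rule is bound to in a config.xml backup with the interface the loaded ruleset actually uses. It assumes the usual config.xml layout (`<interfaces>/<optN>/<if>`, `<filter>/<rule>/<interface>`) and that `pfctl -sr` prints each rule's `<tracker>` as `ridentifier`; the config fragment, VLAN tag, trackers and pfctl lines are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of a trimmed config.xml backup (VLAN tag, trackers made up).
CONFIG_XML = """<pfsense>
  <interfaces><opt7><if>igb1.100</if><descr>GUESTS</descr></opt7></interfaces>
  <filter>
    <rule><tracker>1700000001</tracker><interface>opt7</interface><descr>Allow DNS</descr></rule>
    <rule><tracker>1700000002</tracker><interface>opt7</interface><descr>Allow HTTPS</descr></rule>
  </filter>
</pfsense>"""

# Constructed sample of `pfctl -sr` output; the second rule still sits on the old port.
PFCTL_SR = """\
pass in quick on igb1.100 inet proto udp from any to any port = domain keep state ridentifier 1700000001
pass in quick on igb1 inet proto tcp from any to any port = https flags S/SA keep state ridentifier 1700000002
"""

def expected_bindings(config_xml):
    """Map rule tracker -> [(logical name, real interface)] as stored in the config."""
    root = ET.fromstring(config_xml)
    real = {n.tag: n.findtext("if") for n in root.find("interfaces")}
    out = {}
    for rule in root.findall("./filter/rule"):
        # Floating rules may list several logical interfaces, comma separated.
        for logical in (rule.findtext("interface") or "").split(","):
            if logical in real:
                out.setdefault(rule.findtext("tracker"), []).append((logical, real[logical]))
    return out

def stale_rules(config_xml, pfctl_output):
    """Return (tracker, logical, expected_if, loaded_if) for rules loaded on another interface."""
    expected = expected_bindings(config_xml)
    stale = []
    for line in pfctl_output.splitlines():
        # Assumption: the loaded rule carries the config tracker as `ridentifier <n>`.
        m = re.search(r"\bon (\S+) .*\bridentifier (\d+)", line)
        if not m or m.group(2) not in expected:
            continue
        loaded_if, tracker = m.groups()
        if loaded_if not in {real for _, real in expected[tracker]}:
            logical, want = expected[tracker][0]
            stale.append((tracker, logical, want, loaded_if))
    return stale

if __name__ == "__main__":
    for tracker, logical, want, got in stale_rules(CONFIG_XML, PFCTL_SR):
        print(f"rule {tracker}: {logical} is {want} in config, loaded on {got}")
```

An empty result after a filter reload means the loaded rules have followed the new assignment; states opened on the old assignment are a separate matter and are not covered by this check.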

        • bingo600

          Thanks Steve.
          For the reassurance.

          And yes .. A reboot would not have been optimal.

          /Bingo
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.