IPSEC firewall rules udp/4500
Please enlighten me, struggling to understand why my IPSEC mobile client can connect even if the udp/4500 rule is disabled.
So OUTSIDE is my WAN interface: udp/500, udp/4500 (disabled) and ESP are allowed beside my OpenVPN ports, and "Disable all auto-added VPN rules" IS checked.
I have tested on my notebook with a mobile hotspot and in the meantime checked the packets with wireshark.
UDP/4500 with ESP payload is flowing seamlessly.
Why can I connect if the 4500 rule is disabled? Is this some kind of stateful behaviour?
@mind12 The two most obvious options:
1: After you disable the rule you need to reload states if you had the connection up until disabling the rule. Otherwise the state is still present and allowed in pfSense.
2: Do you by any chance have a floating rule allowing the traffic?
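To make option 1 checkable rather than guessed, here is an added example (not from this thread or from pfSense itself) of a small POSIX shell check: it filters pf state-table output for the states that keep an IPsec tunnel alive after the udp/4500 rule is disabled (UDP with either side on 4500, i.e. NAT-T, plus ESP) and lists the `pfctl -k` commands that would clear them per peer. The sample `pfctl -ss` lines and addresses are constructed; the field layout is assumed to match pfSense's `pfctl -ss` output.

```shell
#!/bin/sh
# Added example: find firewall states that still allow IPsec traffic after the
# udp/4500 rule was disabled, and show how to clear them per peer.

# Constructed sample of `pfctl -ss` output (addresses are documentation ranges).
# Field layout assumed: <dir> <proto> <addr[:port]> <-|-> <addr[:port]> <state>
SAMPLE_STATES='all udp 203.0.113.10:4500 <- 198.51.100.20:4500       MULTIPLE:MULTIPLE
all esp 198.51.100.20 -> 203.0.113.10       NO_TRAFFIC:NO_TRAFFIC
all udp 203.0.113.10:500 <- 198.51.100.20:500       MULTIPLE:MULTIPLE
all tcp 203.0.113.10:443 <- 198.51.100.20:51234       ESTABLISHED:ESTABLISHED'

# ipsec_states: keep only states that carry tunnel traffic:
# ESP, and UDP with either endpoint on port 4500 (NAT-T).
ipsec_states() {
  printf '%s\n' "$1" | awk '$2 == "esp" || ($2 == "udp" && ($3 ~ /:4500$/ || $5 ~ /:4500$/))'
}

# count_ipsec_states: number of such states; 0 means the disabled rule
# really has no leftover state backing it.
count_ipsec_states() {
  ipsec_states "$1" | awk 'END { print NR }'
}

# peer_kill_commands: one `pfctl -k <peer>` per remote peer still holding
# tunnel state. For "<-" (inbound) states the peer is the right-hand address,
# for "->" it is the left-hand one; the port suffix is stripped.
peer_kill_commands() {
  ipsec_states "$1" | awk '{
    peer = ($4 == "<-") ? $5 : $3
    sub(/:[0-9]+$/, "", peer)
    if (!(peer in seen)) { seen[peer] = 1; print "pfctl -k " peer }
  }'
}

# With --live, read the real state table (run on the pfSense shell);
# otherwise use the constructed sample so the script runs anywhere.
if [ "${1:-}" = "--live" ]; then
  STATES=$(pfctl -ss)
else
  STATES=$SAMPLE_STATES
fi

echo "IPsec-related states:"
ipsec_states "$STATES"
echo "count: $(count_ipsec_states "$STATES")"
echo "to clear them:"
peer_kill_commands "$STATES"
```

On pfSense the same view is Diagnostics > States (filter on 4500 or esp) and the reset is Diagnostics > States > Reset States; the script just makes the "did the state outlive the rule?" question a yes/no answer before re-testing the client.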
Thank you, your assumption was great.
It was option 1: the previous states that had allowed the connection also allowed the new connection.
I guessed that if I disconnect the VPN properly the firewall states also disappear "instantly", but it's not the case. Maybe I should have waited a little bit more before testing the connection again.
Anyway, it's such a relief that my firewall rules were not bad, with a firewall hole somewhere.