pfBlocker bug or misconfiguration: WAN open
-
Hi all, I have several pfSense 2.5.2 boxes running the latest pfBlocker. We have a whitelist-only GeoIP across all our rules. When we do this I can access the pfSense GUI on whatever port it's on internally (443/444/8080/80 etc.). As soon as I disable pfBlocker you get "page not found".
I thought I had it fixed by putting a top firewall rule that was from ANY WAN to 'self' BLOCK. It seemed to work for about 30 seconds and then the page loaded again.
I've been trying to put Suricata on, but I'm having an issue with it being too sensitive (it drops packets to IPs that are whitelisted), but until I get to dig into that more this was a decent stop gap (we block in and out using pfBlocker).
I can set up a brand new pfSense and reproduce it; I'm just not sure why it's allowing the traffic when there is clearly no rule from WAN to HTTP.
-
It sounds like your whitelist includes your own IP and you are applying it inbound on WAN, which you probably don't want.
The pfBlocker rules generally get moved to the top of the list whenever they update, which is probably why your block rule is being overridden. You can change that behaviour, though, or add a floating rule, depending on how you have set the pfBlocker rules to apply.
Can we see a screenshot of your WAN rules and floating rules if you're using them?
Steve
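To make the ordering point in the reply concrete, here is an added example that is not part of the thread and not pfSense or pfBlockerNG code: a small Python model of how pfSense evaluates rules (floating rules marked "quick" first, then the interface tab rules top to bottom, first match wins, default deny). The addresses, alias contents and rule names are constructed; 203.0.113.0/24 stands in for a GeoIP whitelist that happens to contain the admin's own public IP, and 198.51.100.1 for the WAN address. It shows the manual "block any to self" rule working while it sits above the pfB_ pass rule, the same rule being bypassed once the pfB_ rules are moved to the top, and a floating quick block rule on WAN winning regardless of the interface tab order.

```python
"""Constructed model of pfSense rule evaluation order (example code, not pfSense's own).

Order modelled: floating rules with "quick" set are checked first, then the
interface tab rules in listed order (interface rules are always first-match),
and anything unmatched falls to the default deny.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass
class Rule:
    name: str
    action: str            # "pass" or "block"
    src: str               # CIDR or "any"
    dst: str               # CIDR, "any", or "self" (the firewall's own addresses)
    dport: Optional[int]   # None matches any destination port
    quick: bool = True     # only meaningful for floating rules


@dataclass
class Packet:
    src: str
    dst: str
    dport: int


def _addr_matches(spec: str, addr: str, self_addrs: Set[str]) -> bool:
    if spec == "any":
        return True
    if spec == "self":
        return addr in self_addrs
    return ip_address(addr) in ip_network(spec)


def rule_matches(rule: Rule, pkt: Packet, self_addrs: Set[str]) -> bool:
    return (_addr_matches(rule.src, pkt.src, self_addrs)
            and _addr_matches(rule.dst, pkt.dst, self_addrs)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(floating: List[Rule], iface_rules: List[Rule],
             pkt: Packet, self_addrs: Set[str]) -> Tuple[str, str]:
    """Return (action, rule name) of the first matching rule, or the default deny."""
    for rule in floating:
        if rule.quick and rule_matches(rule, pkt, self_addrs):
            return rule.action, rule.name
    for rule in iface_rules:
        if rule_matches(rule, pkt, self_addrs):
            return rule.action, rule.name
    return "block", "default deny"


def pfblocker_reorder(iface_rules: List[Rule]) -> List[Rule]:
    """Model of the behaviour the reply describes: pfB_ rules move to the top on each update."""
    pfb = [r for r in iface_rules if r.name.startswith("pfB_")]
    rest = [r for r in iface_rules if not r.name.startswith("pfB_")]
    return pfb + rest


# Constructed values (RFC 5737 documentation ranges, not real hosts).
SELF_ADDRS = {"198.51.100.1"}            # the firewall's WAN address
GEOIP_WHITELIST = "203.0.113.0/24"       # whitelist alias that contains the admin's own IP
ADMIN_PKT = Packet("203.0.113.10", "198.51.100.1", 443)  # admin browsing to the WAN GUI port

# WAN tab as the poster configured it: manual block-to-self rule on top.
WAN_AS_CONFIGURED = [
    Rule("Block inbound to firewall", "block", "any", "self", None),
    Rule("pfB_GeoIP_Whitelist", "pass", GEOIP_WHITELIST, "any", None),
]


def verdict_before_update() -> Tuple[str, str]:
    """Manual block rule still above the pfB_ pass rule: GUI is blocked."""
    return evaluate([], WAN_AS_CONFIGURED, ADMIN_PKT, SELF_ADDRS)


def verdict_after_update() -> Tuple[str, str]:
    """pfBlocker has moved its rules to the top: the whitelist pass rule wins."""
    return evaluate([], pfblocker_reorder(WAN_AS_CONFIGURED), ADMIN_PKT, SELF_ADDRS)


def verdict_with_floating_block() -> Tuple[str, str]:
    """A floating quick block rule is evaluated before any interface rule."""
    floating = [Rule("Float: block WAN to self", "block", "any", "self", None, quick=True)]
    return evaluate(floating, pfblocker_reorder(WAN_AS_CONFIGURED), ADMIN_PKT, SELF_ADDRS)


if __name__ == "__main__":
    print("before pfBlocker update:", verdict_before_update())
    print("after pfBlocker update: ", verdict_after_update())
    print("with floating block:    ", verdict_with_floating_block())
```

On a real box the loaded order, rather than the GUI order, is what matters; `pfctl -sr` on the pfSense shell prints the ruleset as pf actually evaluates it, so grepping it for the `pfB_` rules and for the manual block rule shows which one sits first after an update.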