Firewall rule not affecting active sessions



  • Hi all, I am a newbie to pfSense. I have a strange problem. This might have been addressed earlier, but I could not find it under the blogs. If you know, please send me a link or guide me through it.

    MY SETUP

    em0    WAN    208.50.82.16/24  static
           Default GW  208.50.82.2
           DNS         4.2.2.2
    em3    LAN    192.168.2.233/24

    THE ISSUE

    If I ping the WAN IP of my firewall from another WAN network I get "request timed out".
    I added a rule under WAN that states

    pass in quick on em0 reply-to (em0 208.50.82.2) inet proto icmp all keep state label "USER_RULE

    And I get a ping reply. But now if I keep my ping window open and constantly ping the WAN address and change the rule as follows

    block drop in quick on em0 reply-to (em0 208.50.82.2) inet proto icmp all label "USER_RULE:

    I still get a ping reply. What I have noticed is that if I stop pinging for about two minutes and then ping again, the block rule kicks into action. But then I cannot disable it; I have to wait about 5 minutes after changing this rule from block to pass. This situation is consistent with SSH and HTTP. Rules will not affect the active sessions. Please help and guide me: what am I doing wrong here?



  • This is the way it works: if you want to apply your new rules to established connections, clear the state table.



  • Thank you for your reply. This was a big help. I was able to implement all firewall rules on the fly. After you pointed me in the correct direction, first I used

    pfctl -F state

    This did the trick and all new rules were implemented immediately.

    Then I looked around under the web GUI and found the following, which made the job really easy.

    DIAGNOSTICS -> STATES -> RESET STATES

    THANKS :)
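The behaviour described in this thread comes from how a stateful filter evaluates packets: a packet that matches an existing state-table entry is passed on that entry alone and never reaches the rule set, so a rule change only takes effect once the state expires (the "two minutes" the original poster observed) or is flushed. The following Python model is an added illustration written for this thread, not pf or pfSense code; the idle timeout, the flow key and the documentation-range addresses (RFC 5737) are constructed assumptions, and `flush_states` and `kill_states_for_host` only mirror the intent of `pfctl -F state` and `pfctl -k <host>`, not their implementation.

```python
"""Toy stateful packet filter showing why rule changes skip established flows.

Added example for this thread; not pf/pfSense source. Timeouts, the flow key
and all addresses are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str   # e.g. "icmp", "tcp"
    src: str
    dst: str


@dataclass
class Rule:
    action: str          # "pass" or "block"
    proto: str           # protocol to match, or "any"
    keep_state: bool = True  # pass rules create a state entry (pf default)


@dataclass
class StatefulFilter:
    rules: list
    idle_timeout: float = 120.0          # constructed: seconds before an idle state expires
    states: dict = field(default_factory=dict)  # flow key -> last-seen timestamp

    @staticmethod
    def _key(pkt):
        # Simplified flow key; a real filter also tracks ports, direction and sequence state.
        return (pkt.proto, pkt.src, pkt.dst)

    def filter(self, pkt, now):
        """Return the decision for a packet seen at time `now` (seconds)."""
        key = self._key(pkt)
        last = self.states.get(key)
        if last is not None:
            if now - last < self.idle_timeout:
                # State hit: the ruleset is NOT consulted, so a changed rule has no effect.
                self.states[key] = now
                return "pass (state)"
            del self.states[key]  # idle state expired; fall through to the rules
        for rule in self.rules:
            if rule.proto in (pkt.proto, "any"):
                if rule.action == "pass" and rule.keep_state:
                    self.states[key] = now  # new flow gets a state entry
                return f"{rule.action} (rule)"
        return "block (default)"

    def flush_states(self):
        """Drop every state entry (in spirit, `pfctl -F state`). Returns the count removed."""
        removed = len(self.states)
        self.states.clear()
        return removed

    def kill_states_for_host(self, host):
        """Drop only states involving one address (in spirit, `pfctl -k host`)."""
        victims = [k for k in self.states if host in (k[1], k[2])]
        for k in victims:
            del self.states[k]
        return len(victims)


def demo():
    """Replay the thread's scenario; returns each decision keyed by step name."""
    fw = StatefulFilter([Rule("pass", "icmp")])
    ping = Packet("icmp", "203.0.113.5", "198.51.100.1")  # constructed addresses
    out = {}
    out["first_ping"] = fw.filter(ping, now=0)             # pass rule creates a state
    fw.rules = [Rule("block", "icmp")]                    # admin flips the rule to block
    out["after_block_rule"] = fw.filter(ping, now=1)       # still passes via the state entry
    out["after_idle"] = fw.filter(ping, now=131)           # >120 s idle: state gone, block applies
    fw.rules = [Rule("pass", "icmp")]
    out["pass_again"] = fw.filter(ping, now=132)           # pass rule rebuilds the state
    fw.rules = [Rule("block", "icmp")]
    out["flushed"] = fw.flush_states()                     # clearing states, as the thread advises
    out["after_flush"] = fw.filter(ping, now=133)          # block applies immediately
    return out


if __name__ == "__main__":
    for step, decision in demo().items():
        print(f"{step:18} {decision}")
```

The model also shows why flushing the whole table is a blunt instrument: every established session on the box is dropped, not only the one the changed rule targets. Killing states selectively by host (`pfctl -k`) keeps unrelated sessions intact, which matters on a production firewall.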

