Firewall blocks me after every rule change or service stop
-
Hello,
I am a pretty new user of pfSense. I am working on the latest version (2.5.2), and after the update of the pfSense version it constantly stops responding, mainly after every rule change or every service restart.
It blocks me completely, so I am not able to reach the web interface, I also can't ping the machine, and my only remaining solution is to disable the firewall from the shell, directly on the machine, using the command pfctl -d.
Is that situation familiar to you? I can't find anything specific when looking at the error logs. I have also tried to remove the DNS from the general settings, also I tried to disable the DNS Resolver, as I assumed that there was a conflict with it, but none of them helped in the end.
Could you help me please?
Thanks in advance
-
@nikpony I can honestly say that in all the years using pfSense, I have never seen such an issue.
also I tried to disable the DNS Resolver
What would that have to do with pinging the device? Are you trying to ping and access via FQDN - that stops working - or via IP?
-
@johnpoz Once it stops working, I am not able to ping it via FQDN either. Totally blocked.
-
@nikpony well, if your rules are failing to load, then yeah, that could cause no access. What is in the log when you change some rule?
How exactly do you get it back to working? You just stop the firewall and then restart it via console?
-
@johnpoz Stopping the firewall gives me access again.
These are part of the log messages appearing when the firewall blocks me. It says it is dealing with Snort, but I also tried to disable it, with no luck.
Jan 21 16:34:11 snort 49003 [122:23:1] (portscan) UDP Filtered Portsweep [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 10.168.10.198 -> 10.168.10.115
Jan 21 16:34:12 snort 49003 [122:7:1] (portscan) TCP Filtered Portsweep [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 10.168.10.198 -> 35.157.246.167
Jan 21 16:34:19 snort 49003 [122:22:1] (portscan) UDP Filtered Decoy Portscan [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 10.168.10.198 -> 10.168.10.115
-
@nikpony but you're not seeing any issues with loading firewall rules or anything of the sort, but Snort is blocking you. Yeah, disable it for testing, uninstall if need be.
-
@johnpoz It keeps hanging, despite the uninstallation of Snort. What else should I do?
What type of error log is more helpful to check?
-
@nikpony, what is the rule you are trying to load? Can you post it please?
-
@silence It does not have to do with the rule, it keeps doing it, in every rule or randomly.
-
@nikpony said in Firewall blocks me after every rule change or service stop:
It does not have to do with the rule, it keeps doing it, in every rule or randomly.
@nikpony, without information I could not help you! Sorry.
-
@silence I wish I could provide more info, but looking in the General Error Logs, there is nothing specific.
-
@nikpony said in Firewall blocks me after every rule change or service stop:
I wish I could provide more info, but looking in the General Error Logs, there is nothing specific.
Show the rule; start with something, friend.