    filter reload allows persistent TCP traffic to be established

    Posted by opoplawski:

      I'm facing the following dilemma: we maintain a local URL Table alias of IPs banned by fail2ban:

      [screenshot: the URL Table alias definition]

      used by the following floating firewall rules:

      [screenshot: the floating firewall rules that use the alias]

      The problem is that when pfSense does a filter reload, that rule appears to briefly stop taking effect, long enough for attackers to establish persistent TCP connections to a public-facing proxy server and hammer it until it crashes.

      Is it expected that the firewall would be open like that, or could something else be going on (a disconnect between the active and persistent fail2ban lists, for example)?

      If it is, it seems my only recourse would be to somehow kill any active states for the IPs in that list after a reload. Is there a way I can hook into that process?

      Thanks for any help.

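The state-killing step the poster asks about can be done with pfctl regardless of how it is triggered. The script below is an added example, not code from the original post and not part of pfSense; it reads the entries of a URL Table alias and kills every pf state whose source or destination matches an entry, so a connection that slipped in while the ruleset was being reloaded does not keep working. It assumes the alias is called fail2ban_banned (a hypothetical name), that pfSense stores the fetched contents of a URL Table alias in /var/db/aliastables/<alias>.txt one entry per line, and that the administrator arranges for the script to run after a reload (a cron entry or the shellcmd package, for instance); the hook itself is not shown. The "dry" mode prints the pfctl commands instead of running them, so the logic can be checked on a host without pf.

```shell
#!/bin/sh
# Added example (not from the original post, not pfSense code): after a
# filter reload, kill pf states for every address in a URL Table alias.
#
# Assumptions, not verified against the poster's setup:
#   - the alias is named "fail2ban_banned" (hypothetical name)
#   - the fetched alias contents live in /var/db/aliastables/<alias>.txt,
#     one IPv4/IPv6 address or CIDR per line, "#" starts a comment
#   - triggering this script after a reload is left to the administrator

ALIAS_NAME="${ALIAS_NAME:-fail2ban_banned}"
ALIAS_FILE="${ALIAS_FILE:-/var/db/aliastables/${ALIAS_NAME}.txt}"

# read_alias_entries FILE
# Print one address or network per line, with comments, surrounding
# whitespace and blank lines stripped.
read_alias_entries() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" \
        | grep -v '^$'
}

# kill_states_for_file FILE [MODE]
# For each entry: "pfctl -k ENTRY" kills states originating from it, and
# "pfctl -k ANY -k ENTRY" kills states whose destination is it (with two -k
# options the first is the source and the second the destination). ANY is
# 0.0.0.0/0 or ::/0 depending on the address family of the entry, because
# a 0.0.0.0/0 source filter would never match an IPv6 state.
# MODE "dry" prints the commands instead of executing them.
# Prints the number of entries processed.
kill_states_for_file() {
    file="$1"
    mode="${2:-run}"
    count=0
    for entry in $(read_alias_entries "$file"); do
        case "$entry" in
            *:*) any="::/0" ;;
            *)   any="0.0.0.0/0" ;;
        esac
        if [ "$mode" = "dry" ]; then
            echo "pfctl -k $entry"
            echo "pfctl -k $any -k $entry"
        else
            pfctl -q -k "$entry"
            pfctl -q -k "$any" -k "$entry"
        fi
        count=$((count + 1))
    done
}

# Stand-alone use: "sh kill_banned_states.sh run" or "... dry".
# With no argument nothing runs, so the functions can be sourced safely.
case "${1:-}" in
    run|dry) kill_states_for_file "$ALIAS_FILE" "$1" ;;
esac
```

If the alias is large, the live table that pf actually enforces is the better input: `pfctl -t fail2ban_banned -T show` prints it in the same one-entry-per-line form, so its output can be written to a file and passed to kill_states_for_file. Note that pfctl -k accepts networks as well as single hosts, so CIDR entries in the alias are handled without expansion.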