[Solved] Isn't these two rules the same?

furom · May 7, 2023, 1:54 PM

Hi,

I had a rule for DNS which has worked fine, now I found a new block in the log, which is what I believe the same thing? So why was DNS blocked for 10.2 when the above rule was in effect?

SteveITS · May 6, 2023, 5:30 PM

@furom is it this?
https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html

furom · May 6, 2023, 5:41 PM

@steveits said in Isn't these two rules the same?:

@furom is it this?
https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html

I don't think so... It looks like an ordinary DNS request, not following anything particular

chpalmer · May 6, 2023, 5:57 PM

@furom

No they are not. I am going to guess that 192.168.10.2 is on the "Private" subnet??..

The first firewall rule is pointed at the same subnet.

The second points to another subnet which you have not provided that name.

But should point to simply 192.168.1.1 OR.. if you have the DNS service of your choice active on your Private firewall address then
assuming 192.168.10.1 "this firewall"

chpalmer · May 6, 2023, 5:59 PM

@chpalmer

Since from your log entries your client device at 192.168.10.2 is already programmed to look to 192.168.1.1 then make your firewall rule match on the 192.168.10.0 subnet.

furom · May 6, 2023, 5:59 PM

@chpalmer Thanks! That clears it up a bit for me. I thought they essentially were the same and thus intrigued. :)

johnpoz · May 6, 2023, 6:07 PM

@furom the only way that first rule would be the same as rule below it, is if your network was say a /16, 192.168.x.x and 192.168.10.2 is on private net, and so its 192.168.1.1

Is that the case? What is the private net actual network 192.168.?.?/?

chpalmer · May 6, 2023, 6:11 PM

@johnpoz said in Isn't these two rules the same?:
if your network was say a /16, 192.168.x.x and 192.168.10.2 is on private net, and so its 192.168.1.1

I was wondering that but figured it was a stretch.. (in more ways than one ;) )

johnpoz · May 7, 2023, 1:59 PM

@chpalmer said in Isn't these two rules the same?:

figured it was a stretch

you would be surprise how many users of /16 or 10/8 ;) drives me nuts to be honest... Lets use up 1 of the 3 netblocks of all of rfc1918 for 1 segment heheh

Maybe they are using 192.168.0.0/20

The other thing that I can't figure out is why do people sill mention network classes A,B,C etc... I mean those went away 30 some years go when cidr came out.. Back in like 93, I remember networking before that, etc. But then again I am a really old fart.. But you still it come up all the time - which blows my mind..

furom · May 7, 2023, 11:48 AM

@johnpoz said in Isn't these two rules the same?:

@furom the only way that first rule would be the same as rule below it, is if your network was say a /16, 192.168.x.x and 192.168.10.2 is on private net, and so its 192.168.1.1

Is that the case? What is the private net actual network 192.168.?.?/?
Hi,
Usually I keep my nets as small as possible, like /28 or /29 so, sorry, no /16 here... :)