Netgate Discussion Forum

    rules not applied/enforced

    pfBlockerNG
    • peterlecki (last edited by peterlecki)

      Default rule order
      pfb1.png

      Firewall rule created by NAT rule is all the way on the bottom, after all pfBlocker IPs
      pfb2.png

      pfb3.png

      Yet the connections are allowed
      pfb4.png

      My home IP is in the US (N. America), which is above my allow rule, so it should be blocked. If I change the port, then it blocks it.
      What am I not understanding?

      • SteveITS @peterlecki

        @peterlecki Any chance the state was open before the firewall rule was created?

        https://docs.netgate.com/pfsense/en/latest/troubleshooting/firewall.html#new-rules-are-not-applied

        Is your IP (subnet block) somewhere in another pfB list, and deduplication is enabled?

        On WAN it's generally not needed to block incoming packets because of the default "block all" rule. From LAN outbound is a different thing because that has a default "allow all" rule, on LAN only.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        • peterlecki @SteveITS

          @SteveITS
          The "new-rules-not-applied" article you linked led me to Status > Filter Reload where I saw a loading error of pfB and adjusted a setting in the Advanced>NAT tab which fixed the problem.
          Thank you for this quick response.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.