Block rule with schedule just almost working



  • I am testing with a few block rules to just verify functionality, before editing more details into them, but am experiencing some behavior I cannot explain.

    I set up schedule to catch all: 0000-2359 all days, see below
    I set up alias and add a host
    I set up FW rule on LAN - above default allow all out, blocking access to all protocols, from Alias to any, see below

    Sure enough, host cannot ping, cannot telnet to port 110 etc.
    BUT, host can surf the web without any problems! Restart browser in host, reset states in pfSense - nothing happens - host can still surf!

    What am I missing?! These types of core features surely cannot malfunction, yes/no?
    Version 1.2.3-RELEASE, Installed packages see pic.

    TIA,
    ![pfsense - Firewall- Rules_1267533569302.png_thumb](/public/imported_attachments/1/pfsense - Firewall- Rules_1267533569302.png_thumb)
    ![pfsense - Firewall- Rules_1267533569302.png](/public/imported_attachments/1/pfsense - Firewall- Rules_1267533569302.png)
    ![pfsense - Firewall- Schedules_1267534033514.png](/public/imported_attachments/1/pfsense - Firewall- Schedules_1267534033514.png)
    ![pfsense - Firewall- Schedules_1267534033514.png_thumb](/public/imported_attachments/1/pfsense - Firewall- Schedules_1267534033514.png_thumb)
    ![pfsense - System- Package Manager_1267534278364.png](/public/imported_attachments/1/pfsense - System- Package Manager_1267534278364.png)
    ![pfsense - System- Package Manager_1267534278364.png_thumb](/public/imported_attachments/1/pfsense - System- Package Manager_1267534278364.png_thumb)



  • UPDATE
    –-----

    I have now uninstalled Lightsquid (must be uninstalled before Squid otherwise there are errors and uninstall fails..) and Squid and after a few reboots it seems that my block rule is working as intended.

    Obviously Squid is in a number of situations a problem, I have to do some rethinking when it comes to if and how I should use the Squid package then. Any thoughts and comments welcome.


Log in to reply