Help! What is FW-Rule @237 ?



  • Hello dear pfSense Users and Admins!

    I have just installed a new server and restored the old config from the server before.

    I can access the internet, but I cannot access OPT1-Interface (not from LAN or WAN).
    The OPT1-Devices can ping each other, but not access WAN.

    When I look into the FW-Log I see that all connections from WAN are blocked with this
    message:
    "@237 block drop in log quick all label "Default block all just to be sure""

    Why is that happening?
    On the old server it worked perfectly.

    I am also writing this entry from behind this pfsense-installation, so outgoing traffic is no problem from
    LAN.

    A quick help would be perfect as I am currently standing in the datacenter and need to get this working :-(

    LAN-FW-Entry:
    *  LAN net  *  *  *  *  Default LAN -> any

    WAN and OPT1 are bridged:

    ---------------
    bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 12:e2:7c:af:b6:d7
    priority 32768 hellotime 2 fwddelay 15 maxage 20
    member: le3 flags=7<LEARNING,DISCOVER,STP> port 4 priority 128 path cost 55 disabled
    member: le2 flags=7<LEARNING,DISCOVER,STP> port 3 priority 128 path cost 55 forwarding
    member: le1 flags=7<LEARNING,DISCOVER,STP> port 2 priority 128 path cost 55 forwarding

    le3 is disabled because I tried another network-card port to make sure that it is not a hardware problem ;-)

    Any clues?

    EDIT: pfSense is 1.0.1-SNAPSHOT-01-13-2007

    Thanks a lot in advance,

    best regards,

    Chris



  • This is the default block all rule that is the last rule present on all interfaces. This means no other previously listed rule matched this traffic. Revisit your rules. Something must be set up wrong.
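
Added example, not part of the original posts: one way to answer "what is rule @N" is to look the number up in the loaded ruleset, which `pfctl -vvsr` prints with the same `@N` numbering the filter log uses. The ruleset below is a constructed sample and the function names are hypothetical. Because numbers shift whenever the ruleset changes (here @237 became @235), the last function finds the default block rule by its label instead.

```shell
#!/bin/sh
# Constructed sample in the layout of `pfctl -vvsr` output (not the poster's ruleset).
sample_rules() {
cat <<'EOF'
@0 pass in quick on le0 inet from 192.168.1.0/24 to any keep state label "Default LAN -> any"
  [ Evaluations: 900  Packets: 850  Bytes: 71400  States: 12 ]
@1 block drop in quick on le1 inet from 10.0.0.0/8 to any
  [ Evaluations: 60  Packets: 3  Bytes: 180  States: 0 ]
@2 block drop in log quick all label "Default block all just to be sure"
  [ Evaluations: 40  Packets: 40  Bytes: 2400  States: 0 ]
EOF
}

# Print the text of rule number $1 from a ruleset dump on stdin.
rule_by_number() {
  awk -v n="@$1" '$1 == n { sub(/^@[0-9]+ /, ""); print; exit }'
}

# Print how many packets rule $1 has matched (counter line follows the rule line).
rule_packets() {
  awk -v n="@$1" '
    $1 == n { hit = 1; next }
    hit { for (i = 1; i < NF; i++) if ($i == "Packets:") print $(i + 1); exit }'
}

# Classify rule $1: the catch-all default deny, an explicit block, or a pass rule.
explain_rule() {
  rule=$(rule_by_number "$1")
  case "$rule" in
    "") echo "unknown" ;;
    block*'label "Default block all'*) echo "default-deny" ;;
    block*) echo "explicit-block" ;;
    *) echo "pass" ;;
  esac
}

# Find the current number of the default block rule by label, not by number.
default_block_number() {
  awk '/^@[0-9]+ block .* label "Default block all/ { print substr($1, 2); exit }'
}

# On the firewall itself: pfctl -vvsr | explain_rule 237
sample_rules | explain_rule 2
```

A `default-deny` result with a rising packet counter means the traffic fell through every earlier rule, so the fix is a missing or non-matching pass rule on the interface where the packet arrives.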



  • Hello, Hoba!

    Thanks for your reply!

    Well, I just used the backup I did on the old server a few minutes before… could it not have been correctly imported using that pfsense-version?

    Should I go back to the latest stable (1.0.1) release possibly?

    I really do not know what to do :-( (as I used the old backup file and the rules inside the webconfigurator all look the same as on the old server...)

    What else could I do?

    Thanks a lot!!

    Christian



  • In this case go back to 1.0.1 release for now and try to evaluate your old config with the new snap in the lab before going on site ;)
    (I had some kind of issue yesterday too with the latest snapshot and an imported multiwan setup; didn't have time to do further diagnosis on it yet)



  • Thanks hoba, I will reinstall and keep you updated… thanks for the quick help!!

    Christian



  • It did not work :-(

    Again the same problem… no traffic goes to the opt1-interface... not from WAN and also not
    from LAN... Do you have another idea?

    I could give ssh access to the firewall if you have the time to have a quick look at it?
    (I hope the firewall permits the ssh access)
    EDIT: no, I cannot access the fw via SSH even though it is activated within pfsense... :-(
    EDIT2: now all firewall blocks are @235

    What can we do?  ???

    Thanks a lot,

    Christian



  • Sounds like your backed-up config.xml is somehow broken? What version did you run when you made the backup?



  • That is a snapshot of 1.0.1 from the 7th of January, I think…
    I currently cannot access it as I have the new fw-server online currently...

    Is there a log file on the pfsense in which I could have a look to find out what is going wrong?

    EDIT: I now used an older backup file (from version 1.0.1 stable) and have the same problem...

    The opt1-interface is locked out... I cannot ping into it from lan and have no access from wan...

    Hoba, any other clues?

    I am really beginning to get depressed over this  :'(



  • What does status>interfaces report? Also check if the interface assignment is correct at interfaces>assign.



  • Hoba,

    thanks a lot for your reply.

    I've now arrived at home again, so I will make a test-setup tomorrow and post here again.

    For some reason, pfSense hates me :-(

    Just to update you what I already did:
    First I tried it on a HP DL 380 G2 with two 64-bit Intel 2-Port GBit NICs, then I bought
    a new HP Blade BL20p G3 with 3 onboard GBit NICs.
    With both servers pfSense lost packets.

    Now I have created a VM for testing purposes and installed pfSense into the VM on
    the DL 380 G2.
    I hoped to fix the hardware/driver problems of FreeBSD and my HP/Intel-HW with that virtualization
    trick.
    But now I cannot get access to the OPT1 interface (that is the thread here).

    Well tomorrow I will install a test-server for the OPT1-Interface and then I hope that I can solve this for once and
    for all together with your help ;-)

    I'll try to make the SSH-Access to the pfSense work so that you can have a look directly at it and don't
    have to rely on my answers here ;-)

    Hoba, I wish you a pleasant evening!

    Best regards,

    Chris

