Possible Bug in creating filter rules
-
Hi there,
I came across some minor problems while configuring pfSense on our new corp firewall machines.
Image is 1.0.1-SNAPSHOT-02-02-2007

As I came from OpenBSD and PF, I'm used to watching logs in real time via shell access. So I checked them today and saw some icmp6 messages spamming the logs (not that much of a problem, but I'd like them out). So to get rid of them I created a LAN rule with the following details:
Type: Block
IF: LAN
Proto: IPv6-ICMP
Source: LAN Network
To: Any

Problem is, this rule creates an error, as IPv6-ICMP is translated to "icmp6" in the rules.debug, which - in this case - seems to be wrong, as pfSense's /etc/protocol file states the protocol named (as seen in the webGUI) IPv6-ICMP. Manually changing that created another error depending on the Source (LAN Network isn't possible here, as it is defined as IPv4, not v6), so I changed the source to any. So I guess either the protocol file (IPv6-ICMP to icmp6) or the rule translation webGUI->rules.debug has to be changed (or vice versa).
The second problem I found is that a few blocks I defined still seem to pop up in the webGUI, as they are filtered out by the last default block rule instead of my own on top (e.g. I block netbios ports out on top to get rid of those Windows machines spamming the logs with their port 137/139 discovers). There seem to be fewer of these blocks, but they don't vanish completely. This needs further investigation on my part, but I wanted to throw it in, as it's possible you already know of some issue with that one.
Greets
Grey
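A quick way to pin down the first problem is to check what the name in rules.debug actually resolves to: pfctl looks protocol names up through /etc/protocols, so a rule only loads if the word after `proto` is the canonical name or one of the aliases on that file's line. The script below is an added example, not code from Grey's post or from pfSense. It emulates that lookup (exact-match, as the libc lookup does; this is an assumption) against a constructed sample of /etc/protocols, then prints the block rule in the form the post describes. Whether a given system's file carries an `icmp6` alias on the `ipv6-icmp` line is exactly the thing to check, so on a real box run the lookup against `/etc/protocols` itself and validate the generated rule with `pfctl -nf`.

```shell
#!/bin/sh
# Added example: emulate pfctl's protocol-name lookup and emit a pf block rule.
# Not part of pfSense; the sample file below is constructed for illustration.

# Constructed sample of /etc/protocols. Note that this sample deliberately has
# no "icmp6" alias on the ipv6-icmp line; a real system may or may not have one.
SAMPLE_PROTOCOLS='# constructed sample, not a copy of any system file
icmp	1	ICMP		# internet control message protocol
tcp	6	TCP		# transmission control protocol
udp	17	UDP		# user datagram protocol
ipv6-icmp	58	IPV6-ICMP	# ICMP for IPv6'

SAMPLE_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_PROTOCOLS" > "$SAMPLE_FILE"

# resolve_proto NAME [FILE]: print the protocol number when NAME equals the
# canonical name or any alias in FILE (default /etc/protocols). Exit status 1
# when nothing matches, which is the case in which pfctl rejects the rule.
resolve_proto() {
    want=$1
    file=${2:-/etc/protocols}
    awk -v want="$want" '
        /^#/ { next }                       # skip full-line comments
        {
            sub(/#.*/, "")                  # strip trailing comments
            if (NF < 2) next                # blank after stripping
            # field 2 is the number; every other field is a name or alias
            for (i = 1; i <= NF; i++)
                if (i != 2 && $i == want) { print $2; found = 1; exit }
        }
        END { exit found ? 0 : 1 }' "$file"
}

# pf_block_rule IFACE PROTO: the LAN rule from the post, written for an IPv6
# protocol. "quick" makes this rule final so the traffic never reaches the
# default block, and "log" keeps the drop visible under this rule's own label.
pf_block_rule() {
    printf 'block in quick log on %s inet6 proto %s from any to any label "drop icmp6 noise"\n' "$1" "$2"
}

# check_rule_proto PROTO [FILE]: report whether PROTO would load.
check_rule_proto() {
    if num=$(resolve_proto "$1" "${2:-/etc/protocols}"); then
        echo "proto $1 resolves to protocol number $num"
    else
        echo "proto $1 is not in ${2:-/etc/protocols}: pfctl would reject the rule" >&2
        return 1
    fi
}

# Usage against the constructed sample (hypothetical interface name em1):
check_rule_proto icmp6 "$SAMPLE_FILE" || true      # fails on this sample
check_rule_proto ipv6-icmp "$SAMPLE_FILE"          # resolves to 58
pf_block_rule em1 ipv6-icmp

# On a pfSense box, run the same check against the real file and let pfctl
# parse the generated rule without loading it:
#   check_rule_proto icmp6 /etc/protocols
#   pf_block_rule em1 ipv6-icmp > /tmp/test.rules && pfctl -nf /tmp/test.rules
```

If the real /etc/protocols resolves `icmp6` but the rule still fails, the problem is elsewhere in the generated rule (the post's IPv4-only "LAN Network" source is the obvious candidate); if it does not resolve, the webGUI-to-rules.debug translation and the protocols file disagree, as Grey suspects.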