Possible Bug in creating filter rules

    Hi there,

    I came across some minor problems while configuring pfSense on our new corp firewall machines.
    Image is 1.0.1-SNAPSHOT-02-02-2007

    As I came from OpenBSD and PF, I'm used to watching logs in real time via shell access. So I checked them today and saw some icmp6 messages spamming the logs (not that much of a problem, but I'd like them out). So to get rid of them I created a LAN rule with the following details:

    Type: Block
    IF: LAN
    Proto: IPv6-ICMP
    Source: LAN Network
    To: Any

    Problem is, this rule creates an error, as IPv6-ICMP is translated to "icmp6" in the rules.debug, which - in this case - seems to be wrong, as pfSense's /etc/protocol file states the protocol name (as seen in the webGUI) as IPv6-ICMP. Manually changing that created another error depending on the Source (LAN Network isn't possible here, as it is defined as IPv4, not v6), so I changed the source to any. So I guess either the protocol file (IPv6-ICMP to icmp6) or the rule translation webgui->rules.debug has to be changed (or vice versa).

    The second problem I found is that a few blocks I defined still seem to pop up in the webGUI, as they are filtered out by the last default block rule instead of by my own rule on top (e.g. I block NetBIOS ports out on top to get rid of those Windows machines spamming the logs with their port 137/139 discovers). There seem to be fewer of the blocks, but they don't vanish completely. This needs further investigation on my part, but I wanted to throw it in, as it's possible you already know of some issue with that one.

    Greets
    Grey
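As an added illustration of the first problem (this is not code from the post or from pfSense), a small Python check that parses a constructed /etc/protocols excerpt and resolves the proto keyword of each rules.debug-style line the way the pf rule loader does through getprotobyname(); that the lookup is an exact, case-sensitive match against the name and its aliases is an assumption, as are the sample file contents and rule lines:

```python
import re

# Constructed excerpt in /etc/protocols format (name, number, aliases, '#' comment),
# modelled on the BSD file. Protocol 58 deliberately has no "icmp6" alias.
PROTOCOLS_FILE = """\
# Internet (IP) protocols
icmp        1   ICMP        # internet control message protocol
tcp         6   TCP         # transmission control protocol
udp         17  UDP         # user datagram protocol
ipv6-icmp   58  IPV6-ICMP   # ICMP for IPv6
"""

# Constructed rules.debug-style lines; line 1 uses the "icmp6" spelling the
# post says the webGUI emits for IPv6-ICMP, line 3 uses the /etc/protocols name.
RULES_DEBUG = """\
block in log quick on $lan proto icmp6 from any to any label "drop icmp6 noise"
block in log quick on $lan proto tcp from $lan to any port { 137 139 } label "netbios out"
pass in quick on $lan proto ipv6-icmp from any to any label "resolvable spelling"
"""

PROTO_RE = re.compile(r"\bproto\s+([A-Za-z0-9-]+)")


def parse_protocols(text):
    """Map each protocol name and alias to its number (exact-case keys)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        number = int(fields[1])
        for name in [fields[0]] + fields[2:]:
            table[name] = number
    return table


def resolve(name, table):
    """Mimic getprotobyname(): numeric protos pass, names need an exact match."""
    if name.isdigit():
        return int(name)
    return table.get(name)


def check_rules(rules_text, table):
    """Return (line_no, proto) for every rule whose proto keyword does not resolve."""
    bad = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        m = PROTO_RE.search(line)
        if m and resolve(m.group(1), table) is None:
            bad.append((n, m.group(1)))
    return bad
```

Running `check_rules(RULES_DEBUG, parse_protocols(PROTOCOLS_FILE))` reports only line 1, which is the rule that fails to load with the "icmp6" spelling.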
