Netgate Discussion Forum

    Possible Bug in creating filter rules

    • JeGr (LAYER 8 Moderator)

      Hi there,

      I came across some minor problems while configuring pfSense on our new corp firewall machines.
      Image is 1.0.1-SNAPSHOT-02-02-2007

      As I came from OpenBSD and PF, I'm used to watching logs in real time via shell access. So I checked them today and saw some icmp6 messages spamming the logs (not that much of a problem, but I wanted them out). So to get rid of them I created a LAN rule with the following details:

      Type: Block
      IF: LAN
      Proto: IPv6-ICMP
      Source: LAN Network
      To: Any

      The problem is that this rule creates an error, as IPv6-ICMP is translated to "icmp6" in rules.debug, which - in this case - seems to be wrong, as pfSense's /etc/protocol file states the protocol is named IPv6-ICMP (as seen in the webGUI). Manually changing that created another error depending on the source (LAN Network isn't possible here, as it is defined as IPv4, not v6), so I changed the source to any. So I guess either the protocol file (IPv6-ICMP to icmp6) or the rule translation webGUI->rules.debug has to be changed (vice versa).

      The second problem I found is that a few blocks I defined still seem to pop up in the webGUI, as they are filtered out by the last default block rule instead of my own on top (e.g. I block NetBIOS ports out on top to get rid of those Windows machines spamming the logs with their port 137/139 discoveries). Although there seem to be fewer of these blocks, they don't vanish completely. This needs further investigation on my part, but I wanted to throw it in, as it's possible you already know of some issue with that one.

      Greets
      Grey

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.
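
A lint for the two mismatches reported in the post above, added here as an example and not code from pfSense or from the poster: it checks each rule's `proto` name against a protocols table and flags an IPv4 address paired with protocol 58. The protocols table, the rules, the interface name `em0` and the case-folded name lookup are constructed assumptions.

```python
import ipaddress
import re

# Constructed /etc/protocols-style sample: per the post, IPv6-ICMP has no icmp6 alias.
SAMPLE_PROTOCOLS = """\
udp        17  UDP
ipv6-icmp  58  IPv6-ICMP  # ICMP for IPv6
"""

# Constructed pf-style rules (not actual rules.debug output); em0 is hypothetical.
SAMPLE_RULES = """\
block in quick on em0 proto icmp6 from 192.168.1.0/24 to any
block in quick on em0 proto ipv6-icmp from 192.168.1.0/24 to any
block in quick on em0 proto ipv6-icmp from any to any
block in quick on em0 proto udp from 192.168.1.0/24 to any port 137
"""

IPV6_ONLY = {58}  # protocol 58 (ICMPv6) only makes sense with IPv6 addresses
RULE_RE = re.compile(r"\bproto\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)")

def load_protocols(text):
    """Map each name and alias to its number (case-folded: an assumption)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].isdigit():
            for name in [fields[0]] + fields[2:]:
                table[name.lower()] = int(fields[1])
    return table

def ip_version(token):
    """Return 4 or 6 for an address or CIDR token, None for 'any' or a macro."""
    try:
        return ipaddress.ip_network(token, strict=False).version
    except ValueError:
        return None

def lint_rules(rules_text, protocols):
    """Return (line_number, problem) for every rule with a mismatch."""
    findings = []
    for number, line in enumerate(rules_text.splitlines(), 1):
        for proto, src, dst in RULE_RE.findall(line):
            proto_num = protocols.get(proto.lower())
            if proto_num is None:
                findings.append((number, f"unknown protocol '{proto}'"))
            elif proto_num in IPV6_ONLY:
                findings += [(number, f"IPv4 address {a} with IPv6 protocol '{proto}'")
                             for a in (src, dst) if ip_version(a) == 4]
    return findings
```

Running `lint_rules(SAMPLE_RULES, load_protocols(SAMPLE_PROTOCOLS))` flags the first rule for the unresolvable name and the second for the address-family mismatch, the same order in which the post hit the two errors.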

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.