    Possible Bug in creating filter rules

    Category: Firewalling

    • JeGr (LAYER 8 Moderator)

      Hi there,

      I came across some minor problems while configuring pfSense on our new corp firewall machines.
      Image is 1.0.1-SNAPSHOT-02-02-2007

      As I come from OpenBSD and PF, I'm used to watching logs in real time via shell access. So I checked them today and saw some icmp6 messages spamming the logs (not that much of a problem, but I'd like them out). So to get rid of them I created a LAN rule with the following details:

      Type: Block
      IF: LAN
      Proto: IPv6-ICMP
      Source: LAN Network
      To: Any

      The problem is, this rule creates an error, as IPv6-ICMP is translated to "icmp6" in rules.debug, which in this case seems to be wrong, as pfSense's /etc/protocols file names the protocol (as seen in the webGUI) IPv6-ICMP. Manually changing that created another error depending on the source (LAN Network isn't possible here, as it is defined as IPv4, not v6), so I changed the source to any. So I guess either the protocols file (IPv6-ICMP to icmp6) or the rule translation webGUI -> rules.debug has to be changed (or vice versa).

      The second problem I found is that a few blocks I defined still seem to pop up in the webGUI as being filtered by the last default block rule instead of by my own rule on top (e.g. I block the NetBIOS ports outbound at the top to get rid of those Windows machines spamming the logs with their port 137/139 discovery). As there seem to be fewer of the blocks, they don't vanish completely. This needs further investigation on my part, but I wanted to throw it in, as it's possible you already know of some issue with that one.

      Greets
      Grey

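The two errors in the post both come from the generated ruleset, not from the GUI: pf resolves the word after `proto` through the protocols database (so a name that is neither the official name nor an alias in /etc/protocols is rejected), and an `inet6` rule cannot take an IPv4 network such as "LAN Network" as its source. The script below is an added example, not code from the post or from pfSense; it reproduces both checks against a constructed /etc/protocols excerpt (deliberately without an "icmp6" alias, matching the situation described) and emits the rule with the protocol number instead of a name, which sidesteps the naming question entirely. The interface name `em1` and the excerpt itself are assumptions; the contents of the real /etc/protocols differ between OS versions, so check yours with `grep -i icmp /etc/protocols`.

```shell
#!/bin/sh
# Added example (not from the post or from pfSense). Resolves a protocol keyword
# the way the pf parser does, via name or alias lookup in the protocols file,
# and builds an inet6 block rule that uses the protocol NUMBER.

# Constructed excerpt in /etc/protocols format: name  number  aliases...  # comment
# It intentionally lacks an "icmp6" alias, which is the mismatch the post hit.
PROTOCOLS_SAMPLE='ip        0   IP          # internet protocol, pseudo protocol number
icmp      1   ICMP        # internet control message protocol
tcp       6   TCP         # transmission control protocol
udp       17  UDP         # user datagram protocol
ipv6-icmp 58  IPV6-ICMP   # ICMP for IPv6
'

# resolve_proto NAME: print the protocol number for NAME, matching the official
# name or any alias case-insensitively (like getprotobyname(3)); fail if unknown.
resolve_proto() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s' "$PROTOCOLS_SAMPLE" | sed 's/#.*//' | awk -v want="$want" '
        NF >= 2 {
            # field 2 is the number; every other field is a name or alias
            for (i = 1; i <= NF; i++)
                if (i != 2 && tolower($i) == want) { print $2; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# pf_block_rule IFACE PROTO [SRC]: emit "block in quick on IFACE inet6 proto N
# from SRC to any". SRC defaults to any; an IPv4 source is refused because an
# inet6 rule with an IPv4 network is exactly the second error from the post.
pf_block_rule() {
    iface=$1; proto=$2; src=${3:-any}
    num=$(resolve_proto "$proto") || {
        echo "unknown protocol '$proto': not a name or alias in the protocols file" >&2
        return 1
    }
    case "$src" in
        any|*:*) ;;   # 'any' or an IPv6 address/prefix
        *) echo "source '$src' is not IPv6; an inet6 rule cannot use an IPv4 network" >&2
           return 1 ;;
    esac
    printf 'block in quick on %s inet6 proto %s from %s to any\n' "$iface" "$num" "$src"
}

# Usage (interface name em1 is assumed):
pf_block_rule em1 IPv6-ICMP                  # works: proto 58
pf_block_rule em1 icmp6 2>/dev/null          # fails: no such name/alias in the sample
pf_block_rule em1 IPv6-ICMP 192.168.1.0/24 2>/dev/null   # fails: IPv4 source on inet6
```

After editing a ruleset by hand, `pfctl -nf /tmp/rules.debug` parses it without loading it, which turns both of the errors above into a line-numbered message before anything reaches the running firewall.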
