Firewall auto-enabling itself?

  • Hi all,
    this could sound weird but yesterday on a 1.2.3 installation among mines Ihad a problem with the firewall. Having locked myself out of the web configurator, I ssh to the machine and from the shell issued pfctl -d to disable the firewall. Of course, it worked and a second after I was using the web configurator to see logs. But then I was locked out again, so issued again pfctl -d and this repeated several times. It was like the firewall was enabling itself after a while. I never changed/enabled the firewall via the webgui. I must admit I was changing parameters of an ipsec tunnel, so the "apply changes" button could force a reload of pf (I guess), but after that I was just watching the logs and the system was continuously locking me off. What event can trigger a pf enablement?


  • Rebel Alliance Developer Netgate

    Anything that causes a filter reload (including altering IPsec settings and applying) will re-enable pf. To leave it off you'd have to check the box in the advanced settings to disable pf.

    Otherwise it assumes you want it on and tries to keep it on.

Log in to reply