Netgate Discussion Forum

    New firewall rules applied instantly on creation??

    Firewalling
    • minimega

      Hello to the whole forum.
      I've an Alix board with 3 LANs:
      -vr0 for WAN access
      -vr1 for LAN1 PCs
      -vr2 for LAN2 PCs

      WAN is static IP, LAN1 has DHCP Server enabled (192.168.1.), LAN2 has DHCP Server enabled (192.168.2.). Each PC on LAN1/2 segment gets correct IP address.
      Then I'm going to create Rules to let LAN1 and LAN2 exchange packets.

      So, on PC_LAN1 I run "ping 192.168.2.10 -t" and on PC_LAN2 I run "ping 192.168.1.10 -t"; on both PCs I get a request timeout. That's right.
      Then I create a rule for LAN1 to LAN2 subnet, any protocol, save, apply changes, filter reload; what I expect is that PC_LAN1 can ping PC_LAN2, but this doesn't happen.
      Same rule for LAN2 to LAN1, same behavior, no ICMP packets pass.

      If I restart pfSense, the running pings get a response, on both PCs! Then I delete the rule on LAN1, apply changes, but both pings keep replying! Delete the rule on LAN2 and both pings still reply!!!
      New reboot, the pings stop replying!

      So it seems that rules are not applied upon creation/deletion but only after a reboot. Is there a way to force the reload of the rules other than the one via GUI??

      Also, if I start from Status/Filter log/Firewall and create new rules with "Easy Rules", they are created instantly on LAN1 and LAN2 rules, but it seems that they're not applied instantly, but only after a system reboot.

      Thanks

      • marcelloc

        The new rules will apply on new connections only. Established connections will continue working or denying.

        To force a rule to apply, you need to reset the firewall states (there is a shortcut to states on the dashboard).

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        • cmb

          @marcelloc:

          The new rules will apply on new connections only. Established connections will continue working or denying.

          This. That's how every firewall works.

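The behaviour the replies describe, for the case of an allowed flow that outlives its rule, as an added example that is not part of the original thread and is not pf's or pfSense's code. It is a simplified model of stateful filtering; the class and function names are hypothetical, the /24 masks are assumed, and state expiry is ignored.

```python
from ipaddress import ip_address, ip_network


class StatefulFirewall:
    """Toy model: the state table is checked before the ruleset."""

    def __init__(self):
        self.rules = {}      # ingress interface -> list of (src_net, dst_net) pass rules
        self.states = set()  # established flows stored as (src, dst, proto)

    def add_rule(self, iface, src_net, dst_net):
        self.rules.setdefault(iface, []).append(
            (ip_network(src_net), ip_network(dst_net)))

    def delete_rules(self, iface):
        # Editing the ruleset does not touch the state table.
        self.rules[iface] = []

    def reset_states(self):
        self.states.clear()

    def handle(self, iface, src, dst, proto="icmp"):
        # 1. A packet that belongs to an existing state (either direction)
        #    passes without the ruleset being consulted.
        if (src, dst, proto) in self.states or (dst, src, proto) in self.states:
            return "pass (state)"
        # 2. Otherwise the pass rules on the ingress interface decide.
        for src_net, dst_net in self.rules.get(iface, []):
            if ip_address(src) in src_net and ip_address(dst) in dst_net:
                self.states.add((src, dst, proto))  # new connection creates a state
                return "pass (rule)"
        return "block"  # default deny


def demo():
    fw = StatefulFirewall()
    pc1, pc2 = "192.168.1.10", "192.168.2.10"  # hosts from the thread
    seen = []
    fw.add_rule("LAN1", "192.168.1.0/24", "192.168.2.0/24")  # /24 is assumed
    seen.append(fw.handle("LAN1", pc1, pc2))  # echo request: rule matches, state created
    seen.append(fw.handle("LAN2", pc2, pc1))  # echo reply: passes on the state, no LAN2 rule
    fw.delete_rules("LAN1")
    seen.append(fw.handle("LAN1", pc1, pc2))  # rule gone, running ping still passes
    fw.reset_states()
    seen.append(fw.handle("LAN1", pc1, pc2))  # after the state reset the deletion takes effect
    return seen


if __name__ == "__main__":
    print(demo())
```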
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.