Netgate Discussion Forum

    Firewall Rules not working in PFsense

      sinister

      Good Day Guys,
      I had been playing around with my newly installed pfSense and it turned out OK until I found out that the firewall rules are not working. I had created several from the Firewall -> Rules menu with this:

      and saved the new firewall rules. To verify whether the said rules are working, I tried to use nmap and found this result:

      The firewall rule did not recognize my created rule. Can anyone help enlighten me on how I should do it? Thanks in advance.

        mr_bobo

        Unless I'm mistaken, your rules are allowing traffic from the LAN to those ports.

        Try scanning it from the net, unless you're behind a router.

        Nmap-online

        It will always show the open ports on your pfSense box when you scan it from the LAN.

          sinister

          Yes mr_bobo, I am allowing those ports, but still missing: when I add a different port, the same nmap result still comes out. It would be best if anyone in the group could teach me how to do it. :)

            podilarius

            Well, the rules on LAN do not block or allow anything on the WAN address. You are only doing egress filtering. So those ports will be open to the firewall address. The output reflects this, as it is showing block on all ports except those you are allowing. What exactly are you trying to do?

              mr_bobo

              @sinister:

              Yes mr_bobo, I am allowing those ports, but still missing: when I add a different port, the same nmap result still comes out. It would be best if anyone in the group could teach me how to do it. :)

              If you outline what you're trying to accomplish it would be easier for someone to advise you how to go about it. People here are friendly and ready to help but you have to let them know what your intentions are.

              The LAN rules govern outgoing traffic. Your firewall will allow any outgoing traffic you initiate without having to make a rule to do so.

              The green arrows at the side of the rules indicate a rule intended to "pass" traffic. The rules you've made allow outgoing traffic to those ports at any destination.

              The pf firewall will block all incoming traffic by default till you make a rule allowing otherwise. If you're trying to make rules to restrict incoming traffic you need to make them on the WAN section, yours is designated GLOBE for some reason.

                sinister

                Sorry for that, mr_bobo.
                Here's what I want to do:

                1. I want to create a rule to allow Skype to connect for incoming and outgoing connections.
                2. I want to verify whether the said rule is working or open.
                3. Block all ports aside from the ports that I declare as open.

                Thanks again, and I hope you could help me.

                  marcelloc

                  Your first rule set is fine.

                  Just remember to reset current states after you change a rule on quick tests.

                  Elite Training: http://sys-squad.com

                  Help a community developer! ;D

                    sinister

                    Sir marcelloc,
                    I'm just confused and want to clarify: when I reset the firewall's current state table, is that the only time that the firewall rules will take effect?

                      marcelloc

                      @sinister:

                      I'm just confused and want to clarify: when I reset the firewall's current state table, is that the only time that the firewall rules will take effect?

                      No, after you change rules, only new connections will match the new rules. The keep state will keep current connections working until they end or until you reset states.

                      For example:

                      You start a ping to 8.8.8.8, then create a rule to block ping.
                      The result will be a successful ping.
                      If you reset states, then the ping will fail.

                      Regards,
                      Marcello Coutinho

                      Elite Training: http://sys-squad.com

                      Help a community developer! ;D

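The two points made in this thread (rules are evaluated on the interface where traffic arrives, and an existing state keeps passing traffic after a rule change until states are reset) can be reproduced in a toy model. This is an added example, not part of any post and not pfSense code; the `Rule` and `Firewall` classes, the addresses other than 8.8.8.8, and the simplified flow key are assumptions made for illustration.

```python
# Toy model of per-interface, stateful filtering (constructed for illustration).
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "icmp", "tcp", ... or "any"
    port: object = None    # destination port; None matches any port

    def matches(self, proto, port):
        return self.proto in ("any", proto) and self.port in (None, port)

@dataclass
class Firewall:
    rules: dict = field(default_factory=lambda: {"LAN": [], "WAN": []})
    states: set = field(default_factory=set)

    def packet(self, iface, src, dst, proto, port=None):
        """Return 'pass' or 'block' for a packet arriving on iface."""
        flow, reply = (src, dst, proto, port), (dst, src, proto, port)
        if flow in self.states or reply in self.states:
            return "pass"                  # existing state: rules are not consulted
        for rule in self.rules[iface]:     # first matching rule wins
            if rule.matches(proto, port):
                if rule.action == "pass":
                    self.states.add(flow)  # keep state for this connection
                return rule.action
        return "block"                     # default deny when nothing matches

    def reset_states(self):
        self.states.clear()

def ping_scenario():
    """Ping, then add a block rule, then reset states."""
    fw = Firewall()
    fw.rules["LAN"] = [Rule("pass", "any")]
    ping = ("LAN", "192.168.1.10", "8.8.8.8", "icmp")
    results = [fw.packet(*ping)]                        # state is created
    fw.rules["LAN"] = [Rule("block", "icmp"), Rule("pass", "any")]
    results.append(fw.packet(*ping))                    # old state still passes
    fw.reset_states()
    results.append(fw.packet(*ping))                    # new rule now applies
    return results

def wan_scenario():
    """A LAN pass rule does nothing for traffic arriving on WAN."""
    fw = Firewall()
    fw.rules["LAN"] = [Rule("pass", "tcp", 443)]
    inbound = ("WAN", "203.0.113.5", "198.51.100.1", "tcp", 443)
    before = fw.packet(*inbound)
    fw.rules["WAN"] = [Rule("pass", "tcp", 443)]
    return before, fw.packet(*inbound)
```
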
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.