Firewall Rules Not Working



  • Hi,
    My firewall has multiple VLAN interfaces, e.g. Vlan1, Vlan2, etc. When I create a block rule between 2 VLAN interfaces, it still allows packets. The rule is: Action Block, Interface VLAN1, Protocol Any, Source Any, Destination VLAN1 aliased IPs... By the way, all VLAN interfaces have an outbound access rule any to any... Actually, my system has multiple real IP VLAN interfaces and one WAN interface to the Internet. I need the rules from all interfaces to the Internet (WAN), and the VLAN interfaces should be firewalled with allow and block rules...
    Thanks for all the help...



  • Did you reset states after you added that rule?

    Is the rule in the correct order? In other words, is the block rule above the allow all rule?



  • Hi Heper,
    I think the problem is at the state level; when I reset the states, the rules work fine… Thanks for all the advice, now I can create all the rules....
    Regards,



  • In general, on the pfSense firewall there are some important things to know:

    All rules are working from top to down. If one rule matches, no other rule will be affected for this traffic.

    On the bottom of all your rules there is always an invisible "block any to any" rule.

    If you have an interface "LAN" and you put rules on this interface, it always affects the traffic which is coming from LAN. Rules on interface "LAN" do not affect traffic which is coming from somewhere else. So you have to pay attention to where the traffic was initiated and where you have to place the rule.



  • Hi Nach,
    I created rules for the VLAN interfaces. If I am wrong, please correct me: any packets are going to the destination interface, and block rules should be applied on the destination interface, right? So I created a rule from source VLAN1 any to any, and I created a block rule from the destination interface VLAN2 with selected protocol and ports. I think it's working fine; for now all rules are working well… By the way, heper asked "did you reset states after you added that rule ?" I have reset the firewall states and everything is working fine... If you have any advice, I would be glad to hear it...
    Thanks,



  • @NicemaN:

    Hi Heper,
    I think the problem is at the state level; when I reset the states, the rules work fine… Thanks for all the advice, now I can create all the rules....
    Regards,

    It's not really a problem. It is designed that way.
    Existing connections will/should never be disrupted when a rule is created/adjusted.
    The rule will be applied to all NEW connections. Resetting the state table disconnects all current connections and forces every connection to follow the latest ruleset.



  • @heper:

    It's not really a problem. It is designed that way.
    Existing connections will/should never be disrupted when a rule is created/adjusted.
    The rule will be applied to all NEW connections. Resetting the state table disconnects all current connections and forces every connection to follow the latest ruleset.

    This. This is how every stateful firewall works.
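
The behaviour discussed in this thread (top-down first match on the ingress interface, the implicit block at the bottom, and existing states surviving a rule change until the state table is reset) can be reproduced with a small model. This is an added example, not code from the thread or from pfSense; the `Firewall` and `Rule` classes and the 10.0.x.x addresses are constructed for illustration, and the state table is simplified to one entry per (interface, source, destination).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    iface: str    # interface the packet arrives on
    src: str      # source network (CIDR)
    dst: str      # destination network (CIDR)

class Firewall:
    def __init__(self):
        self.rules = []      # ordered list, evaluated top to bottom
        self.states = set()  # (iface, src, dst) of connections already allowed

    def evaluate(self, iface, src, dst):
        """Return the action of the first rule matching on the ingress interface."""
        for r in self.rules:
            if (r.iface == iface and ip_address(src) in ip_network(r.src)
                    and ip_address(dst) in ip_network(r.dst)):
                return r.action
        return "block"  # implicit "block any to any" below all rules

    def packet(self, iface, src, dst):
        key = (iface, src, dst)
        if key in self.states:
            return "pass"  # existing state: the ruleset is not consulted again
        action = self.evaluate(iface, src, dst)
        if action == "pass":
            self.states.add(key)
        return action

    def reset_states(self):
        self.states.clear()

def demo():
    fw = Firewall()
    fw.rules.append(Rule("pass", "VLAN1", "0.0.0.0/0", "0.0.0.0/0"))
    out = [fw.packet("VLAN1", "10.0.1.10", "10.0.2.20")]  # allowed, creates a state
    # Block rule added above the allow-all rule on VLAN1 (constructed subnets).
    fw.rules.insert(0, Rule("block", "VLAN1", "10.0.1.0/24", "10.0.2.0/24"))
    out.append(fw.packet("VLAN1", "10.0.1.10", "10.0.2.20"))  # old connection
    out.append(fw.packet("VLAN1", "10.0.1.11", "10.0.2.20"))  # new connection
    fw.reset_states()
    out.append(fw.packet("VLAN1", "10.0.1.10", "10.0.2.20"))  # same flow after reset
    out.append(fw.packet("VLAN2", "10.0.2.20", "10.0.1.10"))  # VLAN2 has no rules
    return out

if __name__ == "__main__":
    print(demo())
```

The second result is the symptom from the first post: the block rule is in place and correctly ordered, yet the already-established flow keeps passing until the states are reset.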

