Netgate Discussion Forum

    Despite WAN-blocking firewall rule, machine can still resolve hostnames? [FIXED]

      UBBERdave

      Hello all,

      Despite the following firewall rule which SHOULD block all WAN access to this IP, it's still able to resolve hostnames to IPs.  Surely DNS traffic is included in this rule which is set up to block all protocols, ports and destinations from one IP on the LAN.

      
      Proto    Source         Dest    Port     G/W    Sched
      *        192.168.2.1    *       *        *      *
      

      With this rule in place, the machine cannot ping any IPs, load websites etc, but it CAN resolve a hostname to an IP…

      E.g:

      
      C:\Documents and Settings\Dave>ping -t google.fr
      
      Pinging google.fr [216.239.59.104] with 32 bytes of data:
      
      Request timed out.
      Request timed out.
      
      Ping statistics for 216.239.59.104:
          Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
      

      Why is this? (The address is definitely not cached anywhere…)

      Cheers,
      Dave

        sullrich

        Turn off the DNS Forwarder.

          UBBERdave

          Ahh it was something simple then, thanks :D

          Cheers again,
          Dave

          PS. Thanks for the prompt and knowledgeable replies you lot =)
