NetFlix/AmazonAWS blocked by "Default deny rule"

  • First off, I love pfSense.  Switched from FreeSCO to pfSense back in 2006.

    For whatever reason, NetFlix/AmazonAWS are tripping over the "Default deny rule".  I am seeing lots of entries like this in the firewall log:

     block 	Jun 26 03:08:15 	LAN		TCP:RA
     block 	Jun 26 03:08:06 	LAN		TCP:FPA
     block 	Jun 26 02:13:46 	LAN		TCP:R
     block 	Jun 26 02:13:46 	LAN		TCP:PA
     block 	Jun 26 01:51:06 	LAN		TCP:R
     block 	Jun 26 01:51:06 	LAN		TCP:PA

    And here is the reason message:

    The rule that triggered this action is:
    @1 scrub on re0 all random-id fragment reassemble
    @1 block drop in log all label "Default deny rule" = iPad w/ NetFlix app  = Win7 w/Browser

    I created an alias for the NetFlix/AmazonAWS subnets, but it only seems to make a (slight) difference if I enable logging on the rule.  Even then, NetFlix still doesn't load right or consistently:

     pass 	Jun 26 02:52:27 	LAN	TCP:S
     pass 	Jun 26 02:52:24 	LAN	TCP:S

    NetFlix/AmazonAWS subnets:

    Allowing all outbound LAN traffic to 80/443 made no difference.
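The entries quoted in the post above are worth reading by their TCP flags rather than by the rule label. Every blocked line carries RA, FPA, R or PA and none carries a bare S, so each is a mid-stream packet (ACK, PSH, FIN or RST) for which pf no longer holds a state, rather than a new connection attempt that an allow rule missed; that is consistent with the outbound 80/443 rule making no difference. The following is an added example, written by the editor and not code from the post or from pfSense: a small Python parser that reads the log layout shown above and sorts block entries into "genuinely denied new connection" versus "out-of-state tail packet". The log text is a constructed copy of the post's own entries; the flag letters follow pf's tcpdump-style notation (S, A, F, R, P, U, E, W), and the classification rule is the reading described in this lead-in.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: the block/pass lines quoted in the post above, in the
# same "action  timestamp  interface  proto:flags" layout (tab-separated).
SAMPLE_LOG = """\
block \tJun 26 03:08:15 \tLAN\t\tTCP:RA
block \tJun 26 03:08:06 \tLAN\t\tTCP:FPA
block \tJun 26 02:13:46 \tLAN\t\tTCP:R
block \tJun 26 02:13:46 \tLAN\t\tTCP:PA
block \tJun 26 01:51:06 \tLAN\t\tTCP:R
block \tJun 26 01:51:06 \tLAN\t\tTCP:PA
pass \tJun 26 02:52:27 \tLAN\tTCP:S
pass \tJun 26 02:52:24 \tLAN\tTCP:S
"""

# TCP flag letters as pf prints them in the firewall log.
FLAG_NAMES = {
    "S": "SYN", "A": "ACK", "F": "FIN", "R": "RST",
    "P": "PSH", "U": "URG", "E": "ECE", "W": "CWR",
}

# One log line: action, syslog-style timestamp, interface, PROTO[:FLAGS].
# Non-TCP protocols (UDP, ICMP) have no ":FLAGS" suffix, so it is optional.
LINE_RE = re.compile(
    r"^\s*(?P<action>block|pass)\s+"
    r"(?P<ts>[A-Za-z]{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+"
    r"(?P<iface>\S+)\s+"
    r"(?P<proto>[A-Z]+)(?::(?P<flags>[A-Z]+))?\s*$"
)


class Entry(NamedTuple):
    action: str      # "block" or "pass"
    timestamp: str   # as printed, e.g. "Jun 26 03:08:15"
    iface: str       # interface name, e.g. "LAN"
    proto: str       # "TCP", "UDP", "ICMP", ...
    flags: str       # raw TCP flag letters, "" when the protocol has none


def parse_line(line: str) -> Optional[Entry]:
    """Parse one firewall-log line; return None for lines in another layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(m["action"], m["ts"], m["iface"], m["proto"], m["flags"] or "")


def describe_flags(flags: str) -> str:
    """'RA' -> 'RST+ACK'; unknown letters are kept verbatim."""
    return "+".join(FLAG_NAMES.get(ch, ch) for ch in flags)


def classify(entry: Entry) -> str:
    """
    pass            : the packet matched an allow rule.
    non-tcp         : blocked, but no TCP flags to reason about.
    new-connection  : blocked TCP SYN without ACK, i.e. a connection attempt
                      that really was denied (an allow rule is missing).
    out-of-state    : blocked TCP packet with no SYN (ACK/PSH/FIN/RST): part of
                      a stream pf holds no state for, e.g. the state already
                      timed out or was closed, or the reply took another path.
                      Adding allow rules does not change these.
    """
    if entry.action == "pass":
        return "pass"
    if entry.proto != "TCP":
        return "non-tcp"
    if "S" in entry.flags and "A" not in entry.flags:
        return "new-connection"
    return "out-of-state"


def out_of_state_entries(log_text: str) -> List[Entry]:
    """All blocked TCP entries that are not new connection attempts."""
    parsed = (parse_line(ln) for ln in log_text.splitlines())
    return [e for e in parsed if e is not None and classify(e) == "out-of-state"]


def summarize(log_text: str) -> Dict[str, int]:
    """Count log entries per class; unparseable lines are skipped."""
    counts: Counter = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            counts[classify(entry)] += 1
    return dict(counts)


if __name__ == "__main__":
    for entry in out_of_state_entries(SAMPLE_LOG):
        print(f"{entry.timestamp} {entry.iface} {entry.proto}:{entry.flags} "
              f"({describe_flags(entry.flags)}) -> out-of-state")
    print(summarize(SAMPLE_LOG))
```

Run against the sample, every blocked entry lands in "out-of-state" and only the two pass lines carry a bare SYN, so the "Default deny rule" hits are not evidence of a missing allow rule. A "new-connection" count greater than zero is the case where an alias or pass rule actually needs fixing.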

  • I have similar problems here with Amazon S3 (uploading backups).

    I use Duplicati backup (a very good Open Source backup program like Duplicity, with a simple GUI and TNO encryption).

    With "plain" pfsense installation it works great: no problem for uploading or downloading from my S3 buckets.

    Problems arise when I use pfsense as an OpenVPN client to a VPN provider like StrongVPN or AirVPN: with very "relaxed" firewall rules I get a bunch of "blocked by default deny rule" entries for IPv4, no matter what's allowed on all the interfaces  :(

