Traffic passing with rules disabled
-
Sorry to post again(!). Still seem to be struggling with pfSense.
Have a transparent bridge:
internet - WAN - pfsense - LAN - hostsWith "Enable filtering bridge" switched off, hosts can ping internet (CORRECT)
Enable filtering bridge - Hosts can't ping internet (CORRECT)
Add rule to allow traffic through, apply rules. Hosts can now ping (CORRECT)
Change rule to block traffic, apply rules. Hosts can STILL ping (INCORRECT)If I reboot the firewall, or untick, save, retick and save the "Enable filtering bridge" option then the "block" rule takes effect.
It seems that the "rule reload" doesn't always work? Even though checking the "reload status" shows that they have been reloaded.
It does however work in reverse.
ie, once traffic is being blocked correctly, change the rule to "pass" and applying will start to allow traffic again. -
IIRC, when you change a rule to block traffic then the state from your previous test is still alive.
Look at Diagnostics | States to verify this.If I reboot the firewall, or untick, save, retick and save the "Enable filtering bridge" option then the "block" rule takes effect.
Then the states get reset…
-
jahonix, you are a legend. Clearing the state table fixed it.
Now just to try and get CARP working on a bridged interface. Some say it can be done, and some say it can't!
-
CARP will not work on bridges.
-
yes it will :D
http://forum.pfsense.org/index.php/topic,6516.0.html
