Cannot deactivate firewall



  • I'm having trouble with my PfSense install.  I am trying to upgrade a PF 1.2.x to 2.1.2.  I exported my config from my 1.2 install and am trying to install it in my 2.1.2 box.

    After waiting a while, I restarted PF, and everything seemingly loaded.  However, I'm trying to manually disable the firewall so I can configure it via the WAN.  However, everything I've tried ignores any firewall rules.

    I've added a floating rule that allows all traffic from the WAN, but I still get blocked.

    I've tried disabling the firewall from the console using : pfctl -d  however it seems to automatically reactivate itself after a few seconds.  In order to be able to continue getting access via the WAN, I have to keep reissuing: pfctl -d  commands at the console.

    Is there something that I can do to disable this?  Why is it rearming itself automatically?  What might be causing the firewall to ignore my Quick floating rule?  To be on the safe side, I've even added a full pass-through rule to the WAN table as well, but that has not had any impact.

    I'm attaching screenshots of my webconfigurator if it helps.

    Thanks,

    Eric

    ![Screen Shot 2014-04-23 at 10.47.37 PM.png](/public/imported_attachments/1/Screen Shot 2014-04-23 at 10.47.37 PM.png)
    ![Screen Shot 2014-04-23 at 10.47.37 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2014-04-23 at 10.47.37 PM.png_thumb)
    ![Screen Shot 2014-04-23 at 10.48.03 PM.png](/public/imported_attachments/1/Screen Shot 2014-04-23 at 10.48.03 PM.png)
    ![Screen Shot 2014-04-23 at 10.48.03 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2014-04-23 at 10.48.03 PM.png_thumb)
    ![Screen Shot 2014-04-23 at 10.48.23 PM.png](/public/imported_attachments/1/Screen Shot 2014-04-23 at 10.48.23 PM.png)
    ![Screen Shot 2014-04-23 at 10.48.23 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2014-04-23 at 10.48.23 PM.png_thumb)
    ![Screen Shot 2014-04-23 at 10.51.14 PM.png](/public/imported_attachments/1/Screen Shot 2014-04-23 at 10.51.14 PM.png)
    ![Screen Shot 2014-04-23 at 10.51.14 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2014-04-23 at 10.51.14 PM.png_thumb)



  • the firewall rules are from the top to the button forced
    so the rule on the top is the first one.
    you can create a rule to allow any to any and put it on the top of the rules



  • @Jamerson:

    the firewall rules are from the top to the button forced
    so the rule on the top is the first one.
    you can create a rule to allow any to any and put it on the top of the rules

    If you've noticed my screenshots, I already have an any->any rule at the top of both my WAN rules and my Floating WAN rules.  And yet, the firewall is still blocking all my accesses.

    Any suggestions would be appreciated.

    Thanks,

    Eric



  • Your WAN is in a private network!
    Do you have deactivated "Block private networks" on WANs interface settings?