Outbound Firewall Rules issue



  • Hello Everybody,

    We have made a setup of pfsense with Supermicro MB A1SRM-2758F which is having Intel 8 Core Atom processor & qualified for pfsense hardware.

    We have made configuration with 1 WAN & 1 LAN setup but we are facing issue with outbound firewall rules. When we setup any new inbound rules allow it effect immediately but when we setup any outbound block rules it wont take in effect even after reload of rules. To resolve issue every time we have to reset state table. We don't understand this behavior either we are wrong at some configuration or missing something to configure ? Reset state table is not right solution, when we reset state table it break all current connection & it interrupt everybody's connectivity for a while.

    If anybody know this issue & resolve it then please let us know solution.

    Thanks,

    Hiren


  • LAYER 8 Netgate

    Please describe the process you are using to make an "outbound block rule."  If you are not on the "Floating" tab you are making a rule for INBOUND traffic on that interface only.

    Rule changes take effect on new connections only.  Example: If you have an ssh session to a remote ssh server and then block outbound ssh connections, the existing connection will not be torn down but new connections will be blocked.  You can either reset all states or hunt down the individual states and clear those.


  • LAYER 8 Global Moderator

    ^ exactly.. To be honest you would want your "outbound" rules to be put on the LAN interface - this blocks it inbound into pfsense, which prevents outbound to the internet.  Why block it after entered pfsense - block it before it enters pfsense.

    Posting your floating if any and your lan rules would be helpful in discussion of your problem.



  • Just as a reminder, rules only apply to new states, not already established states.



  • ^^^  Thats greek for reboot your pfsense if you have made a rule to block connections that are already established.


Log in to reply