Netgate Discussion Forum
    Outbound Firewall Rules issue

    • H
      hiren

      Hello Everybody,

      We have set up pfsense on a Supermicro MB A1SRM-2758F, which has an Intel 8-core Atom processor and is qualified as pfsense hardware.

      We have configured a 1 WAN & 1 LAN setup, but we are facing an issue with outbound firewall rules. When we set up any new inbound allow rules, they take effect immediately, but when we set up any outbound block rules, they won't take effect even after a reload of the rules. To resolve the issue, every time we have to reset the state table. We don't understand this behavior: are we wrong in some configuration, or missing something to configure? Resetting the state table is not the right solution; when we reset the state table, it breaks all current connections and interrupts everybody's connectivity for a while.

      If anybody knows this issue and has resolved it, then please let us know the solution.

      Thanks,

      Hiren

      • DerelictD
        Derelict LAYER 8 Netgate

        Please describe the process you are using to make an "outbound block rule."  If you are not on the "Floating" tab you are making a rule for INBOUND traffic on that interface only.

        Rule changes take effect on new connections only.  Example: If you have an ssh session to a remote ssh server and then block outbound ssh connections, the existing connection will not be torn down but new connections will be blocked.  You can either reset all states or hunt down the individual states and clear those.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

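Derelict's reply above mentions hunting down individual states instead of resetting the whole table. The following is an added example, not code from any poster or from Netgate: it reads state-table lines and prints one targeted kill command per host pair that still holds a TCP state to a newly blocked port. The interface name `em1`, the addresses and the sample lines are constructed, and the `pfctl -ss` line layout shown is an assumption; `pfctl -k SRC -k DST` removes every state from SRC to DST, not only those on the blocked port.

```shell
#!/bin/sh
# Added example: list live IPv4 states that a new "block outbound TCP port N"
# rule on LAN would have refused, and print a targeted kill for each host pair.

# Constructed sample in the style of `pfctl -ss` output. Assumed layout:
# IFACE PROTO ADDR:PORT ARROW ADDR:PORT STATE, where "<-" lists the
# destination first and "->" lists the source first.
sample_states() {
cat <<'EOF'
em1 tcp 203.0.113.5:22 <- 192.168.1.10:51514       ESTABLISHED:ESTABLISHED
em0 tcp 198.51.100.2:40001 (192.168.1.10:51514) -> 203.0.113.5:22       ESTABLISHED:ESTABLISHED
em1 tcp 203.0.113.9:443 <- 192.168.1.11:50222       ESTABLISHED:ESTABLISHED
em1 udp 192.0.2.53:53 <- 192.168.1.12:40000       MULTIPLE:SINGLE
em1 tcp 203.0.113.5:22 <- 192.168.1.13:51000       FIN_WAIT_2:FIN_WAIT_2
em1 tcp 203.0.113.5:22 <- 192.168.1.10:51600       ESTABLISHED:ESTABLISHED
EOF
}

# stale_state_kills IFACE PORT: read state lines on stdin and print one
# "pfctl -k SRC -k DST" per distinct host pair with a TCP state to PORT on IFACE.
stale_state_kills() {
    awk -v ifc="$1" -v port="$2" '
    # NAT-translated entries (with a parenthesised address) are skipped.
    $1 == ifc && $2 == "tcp" && index($0, "(") == 0 {
        src = ""; dst = ""
        for (i = 3; i < NF; i++) {
            if ($i == "->") { src = $(i - 1); dst = $(i + 1) }
            if ($i == "<-") { dst = $(i - 1); src = $(i + 1) }
        }
        if (src == "" || dst == "") next
        n = split(dst, d, ":")
        if (n != 2 || d[2] != port) next     # IPv4 addr:port only
        split(src, s, ":")
        pair = s[1] " " d[1]
        if (!(pair in seen)) {               # one command per host pair
            seen[pair] = 1
            print "pfctl -k " s[1] " -k " d[1]
        }
    }'
}

# Print the commands for review; nothing is executed here.
sample_states | stale_state_kills em1 22
```

On a live system the input would come from `pfctl -ss` rather than `sample_states`, and the printed commands should be reviewed before any of them is run.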
        • johnpozJ
          johnpoz LAYER 8 Global Moderator

          ^ exactly.. To be honest, you would want your "outbound" rules to be put on the LAN interface - this blocks it inbound into pfsense, which prevents outbound to the internet.  Why block it after it has entered pfsense - block it before it enters pfsense.

          Posting your floating rules, if any, and your LAN rules would be helpful in discussion of your problem.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • H
            Harvy66

            Just as a reminder, rules only apply to new states, not already established states.

            • K
              kejianshi

              ^^^  That's Greek for reboot your pfsense if you have made a rule to block connections that are already established.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.