    Bypass firewall rules for traffic on the same interface settings

    • techclan

      Seems like the "Firewall Optimization Options" and "Bypass firewall rules for traffic on the same interface" settings do not work after the upgrade from an earlier version of 2.2 to the latest. The selection is retained, but you have to toggle the box, save, and then resave for them to work again.

      • jimp Rebel Alliance Developer Netgate

        Hmm, that doesn't make a lot of sense. The net effect of that should have been no different than going to Status > Filter Reload and clicking "Reload Filter". If the setting is present, it would be honored; unset/reset wouldn't do anything special in that regard.

        • techclan

          Thanks for the clarification. My observation was based on the fact that firewall logs fill up with the Default deny rule on the LAN interface after each upgrade and seem to stop after toggling the option. It might be just because the LAN connections bounce during that time… Just a pfSense newbie observation, I guess...

          Thanks

          • cmb

            That's normal behavior for every stateful firewall. After rebooting (if you don't have HA in place), you'll block traffic from connection states that were killed by the reboot but are still active and attempted to be used elsewhere. Devices will figure that out quickly and re-establish; it's safe to ignore.
