Bypass firewall rules for traffic on the same interface settings

  • Seems like "Firewall Optimization Options" and "Bypass firewall rules for traffic on the same interface" setting does not work after the upgrade from an earlier version of 2.2 to the latest.  The selection is retained but you have to toggle the box, save and then resave for them to work again.

  • Rebel Alliance Developer Netgate

    Hmm, that doesn't make a lot of sense. The net effect of that should have been no different than going to Status > Filter Reload and clicking "Reload Filter". If the setting is present, it would be honored, unset/reset wouldn't do anything special in that regard.

  • Thanks for the clarification.  My observation was based on the fact that firewall logs fill up with the Default deny rule on the LAN interface after each upgrade and seem to stop after toggling the option.  It might be just because the LAN connections bounce during that time… Just a PfSense Newbie observation I guess...


  • That's normal behavior for every stateful firewall, after rebooting (if you don't have HA in place) you'll block traffic from connection states that were killed by the reboot but are still active and attempted to be used elsewhere. Devices will figure that out quickly and re-establish, it's safe to ignore.