Firewall NAT Rule Disabled But Access Still Allowed Through

cpatte7372 · Jan 19, 2015, 8:47 PM

Hello Community,

I have disable a Firewall NAT rule, but access through the firewall is still permitted.

Can someone please explain - especially as I paid the full subscription price to support this project.

cpatte7372 · Jan 19, 2015, 8:53 PM

So now I'm beginning to wonder if I should have done a bit more research by investing time and money into this so called Firewall….

I have now disabled the Firewall rule in both Firewall NAT and rule and access is still allowed..

What gives?????

doktornotor · Jan 19, 2015, 9:01 PM

Perhaps you should invest more time into reading the docs?

https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting#Dangling_States

Not to mention, having to disable the firewall rule after disabling the NAT rule sounds like you somehow forgot to press the Apply button altogether.

Harvy66 · Jan 20, 2015, 1:28 AM

The NAT firewall are two completely separate features. The NAT conveniently make a pass firewall rule for you, but that's about the amount of cross talk the two features will do. In other words, disabling the NAT does nothing to making changes to your firewall, as it should be.

It is well documented that the firewall rules only apply to NEW states, not existing ones.

johnpoz · Jan 20, 2015, 4:19 AM

"especially as I paid the full subscription price to support this project."

Well then I would suggest you contact support vs posting on the forum asking for people to describe what a state is to you..

KOM · Jan 20, 2015, 6:20 PM

cpatte7372,

I must say that your preferred communications method, where you slag the firewall due to your limited knowledge and then act entitled because you paid for a Gold subscription (which entitles you to nothing in the way of support), isn't making you many friends here. Nobody expects you to be a network expert, but acting all huffy when you can't figure something out and trying to shame ESF or others into helping you just leaves a bad taste in the mouth.

johnpoz · Jan 20, 2015, 7:06 PM

Well he said FULL subscription, not gold? That would include 2 hours support. Gold is more a way of supporting the cause. I think it gets you a gold star on the forums sometime in the future ;)

But I completely agree with your assessment

KOM · Jan 20, 2015, 7:12 PM

I thought he mentioned a Gold sub in one of his earlier posts. Regardless, anyone can get off on the wrong foot sometimes. I don't want people to get scared off the project due to initial communications issues or some small misunderstanding. Pride and ego can get in the way of things, sometimes.