• We've automated pfSense with a workflow allowing employees to request access to a server, have it approved, then automatically update the rule.  This is working brilliantly.

    Just one problem - when we remove the rule, it doesn't kick them off!  Microsoft RDP is the main protocol i've been testing with.

    This is how to recreate:
    1. Connect RDP to a server through the Firewall
    2. Remove the rule that allowed this to happen  (nothing at all happens…session continues)
    3. Then clear some states using PFCTL.  My command was pfctl -k -k  (at this point the session freezes)
    4. 10 seconds later, it automatically reconnects itself and continues as if nothing happened!  And sure enough the states are back in the table again.

    So my question is - aside from Firewall Rules, and states, what else is there?  What's allowing this to persist?


  • You didn't explicitly say, but after making your rule changes are you reloading them with pfctl -f so that they take effect?

  • Actually we are running "/etc/rc.filter_configure"

    However, i've tried doing this manually on the pfSense front end as well - delete the rule and apply settings.  Same issue.

  • Hmm, no idea then.  Sorry.

  • I've found it - it's a bug in pfSense. Quite a hard one to spot!  Here is how to recreate the bug…..

    Create an alias for a port number.
    Create a rule using this alias
    Rename the alias
    Apply changes

    The firewall is now wide open.  The fact it can't find the alias, it assumes it means * !  Pretty serious flaw in the logic here.


  • Rebel Alliance Developer Netgate

    What version of pfSense is that on?

    I can't replicate that on 2.2.1. If I rename a port alias, the rule follows.