Firewall rules do not seem to work

butterwewe

Hi

I've installed pfsense 2.2.4 and having trouble making the firewall rules work. i have 5 vlans and all distributed to WAN networks using OSPF. even without rules packets can still pass through the firewall, like everything goes through the firewall. does firewall rules apply even if you are not using NAT?

• i have tried configuring rules on each vlan interface, no luck
• i've tried floating as well, no luck

any suggestions?

Derelict

Show us what you have done.

https://doc.pfsense.org/index.php/Firewall_Rule_Basics

https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order

https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

johnpoz

Well did you disable it?  Without seeing your setup is kind of just guessing to what you did wrong.

butterwewe

@Derelict:

Show us what you have done.

https://doc.pfsense.org/index.php/Firewall_Rule_Basics

https://doc.pfsense.org/index.php/Firewall_Rule_Processing_Order

https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

thank you for the attention… but i think it was because of a faulty upgrade from pfsense 2.1.4 to pfsense 2.2.4. i did a fresh install pfsense 2.2.4 and made the same configurations and everything worked well... i was not prompted any errors during the upgrade though.....

cmb

It's highly unlikely an upgrade just made rules not work with a config that works with a clean install. Did you reconfigure it, or restore the config after reinstall?

bsmither

@butterwewe, my rules worked after upgrading from 2.1.x to 2.2.3, but any changes to the ruleset would show, but not engage.

I blame it on not uninstalling the pfBlocker package which I have come to understand, it's configuration remnants was very likely the cause. There is a pfBlockerNG for pfSense 2.2.X.

Derelict

If your rules do not take effect, it is probably because when something prevents the rules from loading, pSense fails to reload the rules and does so silently.

What is needed is something similar to what happens when you screw up the traffic shaper.  There is an alert letting you know the rules fail to load.

You can see what's going on by running the following in either the shell or Diagnostics > Command Prompt

pfctl -nf /tmp/rules.debug

It should either be silent (good ruleset) or show you where it's failing.

butterwewe

@cmb:

It's highly unlikely an upgrade just made rules not work with a config that works with a clean install. Did you reconfigure it, or restore the config after reinstall?

reconfigured the rules after a clean install…

butterwewe

@bsmither

yes, but mine i think was squid issue… something in squid is messed up..

@Derelict

now its not working again.. maybe because something is really messed up.

@everyone

any suggestions? i started experiencing these errors after a power failure.. squid, squidguard, sarg, firewall rules.. as if pfsense is only functioning as a router.. checked the advanced option.. the option where squid should only work as a router is disabled.. by the way.. reconfigured the aliases and still having the same errors. removing them doesnt help either.

cmb

Your Facebook and Youtube aliases have bunk data. Remove or fix those aliases.