Firewall lets traffic through?
-
Maybe it's me, but from my point of view the firewall isn't working as it should (rule attachment). All traffic to the interface's IP should be blocked if the IP traffic doesn't come from its own subnet, yet I went on a different shell, nmap'ed port 22 and, guess what, it was open. I could even connect to it!?
block ip4/ip6 tcp/udp from not interface net to interface address dst port 22
When I scan the interface address from a different IP than the interface net, it should block the IP!? Why wouldn't it do that?
-
"All traffic to the interface's IP should be blocked" when coming in on THAT interface and not from its own subnet.
-
"yet I went on a different shell"
Where did you go? A different shell on the firewall itself? If you don't want traffic to hit ssh, then block ssh inbound to that interface, since that is where the rule is evaluated.
What interface was your traffic entering pfSense at?
-
"All traffic to the interface's IP should be blocked" when coming in on THAT interface and not from its own subnet.
Yes, that applies to traffic sourced on that interface. Sounds like that traffic was sourced from a different interface.
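As an added illustration of what the replies above describe (this is example code written for this thread, not pfSense's own code), here is a small Python model of per-interface rule evaluation. The interface names, addresses, the OPT1 network and its "allow anything" rule are assumptions constructed for the example; the block rule is the one from the original post.

```python
"""Model of per-interface firewall rule evaluation (constructed example, not pfSense code).

In pf/pfSense an interface rule is only consulted for traffic that ENTERS the
firewall on that interface. A block rule on LAN therefore never sees a packet
that arrives on OPT1, even if that packet is addressed to the LAN IP.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Constructed interface table: name -> (interface address, interface network)
IFACES = {
    "em0": ("203.0.113.10", "203.0.113.0/24"),  # WAN (RFC 5737 documentation range)
    "em1": ("192.168.1.1", "192.168.1.0/24"),   # LAN
    "em2": ("10.10.0.1", "10.10.0.0/24"),       # OPT1, assumed second internal network
}

@dataclass(frozen=True)
class Packet:
    ingress: str      # interface the packet arrives on
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    iface: str                         # "*" = floating rule, evaluated on every interface
    action: str                        # "block" or "pass"
    proto: Optional[str] = None        # None = any protocol
    src_not_net: Optional[str] = None  # negated source network ("from not <iface> net")
    dst: Optional[str] = None          # None = any destination
    dport: Optional[int] = None        # None = any port

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    # The interface binding is checked first: a rule on em1 never sees em2 traffic.
    if rule.iface not in ("*", pkt.ingress):
        return False
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt.dst) != ipaddress.ip_address(rule.dst):
        return False
    if rule.src_not_net is not None and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_not_net):
        return False  # source is inside the net, so "from not net" does not match
    return True

def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins (pfSense installs interface rules with 'quick');
    anything unmatched hits the implicit default deny."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "block"

def lan_ssh_block(iface: str) -> Rule:
    """The rule from the thread, bound to a given interface:
    block tcp from not <LAN net> to <LAN address> port 22."""
    lan_addr, lan_net = IFACES["em1"]
    return Rule(iface=iface, action="block", proto="tcp", src_not_net=lan_net, dst=lan_addr, dport=22)

# Ruleset as the original poster had it: the block rule on LAN only, followed by
# the usual "allow anything" rules on LAN and (assumed) OPT1.
ORIGINAL_RULES = [
    lan_ssh_block("em1"),
    Rule(iface="em1", action="pass"),
    Rule(iface="em2", action="pass"),
]

# Ruleset with the block also placed on the interface the scan actually enters.
FIXED_RULES = [
    lan_ssh_block("em1"),
    Rule(iface="em1", action="pass"),
    lan_ssh_block("em2"),
    Rule(iface="em2", action="pass"),
]

# Same effect with one floating rule in front of the per-interface pass rules.
FLOATING_RULES = [
    lan_ssh_block("*"),
    Rule(iface="em1", action="pass"),
    Rule(iface="em2", action="pass"),
]

# Constructed test packets: an nmap of LAN:22 coming in via OPT1, the same
# off-subnet source arriving on LAN itself, and a legitimate LAN host.
SCAN_FROM_OPT1 = Packet(ingress="em2", src="10.10.0.50", dst="192.168.1.1", dport=22)
ROGUE_ON_LAN = Packet(ingress="em1", src="10.10.0.50", dst="192.168.1.1", dport=22)
LAN_HOST = Packet(ingress="em1", src="192.168.1.20", dst="192.168.1.1", dport=22)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES), ("fixed", FIXED_RULES), ("floating", FLOATING_RULES)):
        print(f"{name:9s} OPT1 -> LAN:22 = {evaluate(rules, SCAN_FROM_OPT1)}")
    print("off-subnet source entering LAN itself =", evaluate(ORIGINAL_RULES, ROGUE_ON_LAN))
    print("LAN host to LAN:22                    =", evaluate(ORIGINAL_RULES, LAN_HOST))
```

With the original ruleset the scan from OPT1 is passed, because the only rule that mentions the LAN address is bound to em1 and the packet entered on em2; the identical packet entering on em1 is blocked. Putting the block on the ingress interface (or a floating rule ahead of the pass rules; in pfSense a floating rule needs "Quick" enabled to behave like this first-match model) closes the gap.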