pfSense issue: blocking all traffic using LAN rules

Abhishek

Setup

ISP Router 192.168.2.1 ---> pfSense WAN 192.168.2.2 ---> pfSense LAN 192.168.0.1

Packages
- Squid (WPAD, non-transparent)
- Snort
- pfBlockerNG

The issue is that I am unable to block all traffic using a LAN rule.

Pic attached to show that even after blocking my IP I am able to ping Google DNS, but web traffic stopped, so I was thinking whether mobile users can bypass the firewall by using different applications (since even when I fully blocked Source (MY IP) to Destination (ANY), my PC was able to ping to WAN).

Kindly help to solve, thank you.

Edit: I tried blocking a mobile user also, using a source alias (alias pic attached) for the local IP and destination ANY.
That IP is still able to download / watch video.
Attachments: Rules_LAN.PNG, Rules_WAN.PNG, Rules_Float.PNG, LOG.PNG, Alias.PNG

      2.3-RC (amd64)
      built on Mon Apr 04 17:09:32 CDT 2016
      FreeBSD 10.3-RELEASE
      Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz

      darkstat 3.1.2_1
      Lightsquid 3.0.3_1
      mailreport 3.0_1
      pfBlockerNG 2.0.9_1  
      RRD_Summary 1.3.1_2
      snort 3.2.9.1_9  
      squid 0.4.16_1  
      squidGuard 1.14_1
      syslog-ng 1.1.2_2

Abhishek


If the above statement is true, is there any way to kill states and block traffic instantly when a rule is created?


mer

          An easy way to verify if the above is true, is to try it.

Manually, after creating a rule you can go into Diagnostics > States (the show summary one) and hit the reset states button that is there.

          Or you could stop and start the firewall after adding new rules (Some people prefer to do this instead of resetting states to ensure they are at a known starting point).

          Don't forget that Rule order is important:  in the WebGUI, first match wins (like the hint says on the web page).

kesawi

            Try changing the destination in your block rules on the LAN interface from WAN Net to Not LAN Net. My understanding is that the WAN Net address range only includes the subnet that your WAN is connected to, not the entire internet.

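A toy model of the two points raised in this thread (an existing state bypasses newly added rules until states are reset, and the "WAN net" alias covers only the WAN subnet, so it never matches Internet destinations), as an added example that is not from the thread or from pfSense itself. The client address 192.168.0.50, the rule tuples and the state set are constructed assumptions; the subnets are the ones from the original post.

```python
"""Toy model of pfSense's stateful, first-match LAN rule evaluation.

Added example, not code from the thread or from pfSense. Simplified:
pf keys states on the full 5-tuple and direction; here a state is just a
(src, dst) pair, which is enough to show why a new block rule does not
cut an existing flow until the state table is reset.
"""
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.0.0/24")   # pfSense "LAN net" alias (from the thread)
WAN_NET = ip_network("192.168.2.0/24")   # pfSense "WAN net": only the WAN subnet

def in_dest(alias, dst):
    """Resolve the destination aliases discussed in the thread."""
    ip = ip_address(dst)
    if alias == "any":
        return True
    if alias == "WAN net":           # only 192.168.2.0/24, not the Internet
        return ip in WAN_NET
    if alias == "!LAN net":          # kesawi's suggestion: everything except LAN
        return ip not in LAN_NET
    raise ValueError(f"unknown alias {alias!r}")

def evaluate(rules, states, src, dst):
    """Return the verdict for one packet from src to dst.

    Like pf, an existing state bypasses the rule set entirely; otherwise
    the first matching rule wins and a 'pass' rule creates a state.
    rules: list of (action, source, destination-alias), first match wins.
    states: mutable set of (src, dst) pairs standing in for the state table.
    """
    if (src, dst) in states:
        return "pass (existing state)"
    for action, rule_src, rule_dst in rules:
        if rule_src in ("any", src) and in_dest(rule_dst, dst):
            if action == "pass":
                states.add((src, dst))
            return action
    return "block (default deny)"

if __name__ == "__main__":
    # Constructed client 192.168.0.50 (the "MY IP" of the original post).
    wan_net_rules = [("block", "192.168.0.50", "WAN net"), ("pass", "any", "any")]
    fixed_rules = [("block", "192.168.0.50", "!LAN net"), ("pass", "any", "any")]
    states = set()
    print(evaluate(wan_net_rules, states, "192.168.0.50", "8.8.8.8"))  # pass
    print(evaluate(fixed_rules, states, "192.168.0.50", "8.8.8.8"))    # pass (existing state)
    states.clear()                                                     # Diagnostics > States > Reset
    print(evaluate(fixed_rules, states, "192.168.0.50", "8.8.8.8"))    # block
```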
Abhishek

Thank you, state killing did the job, thank you.

