
Messages - vmaxx

You can do it with the package pfBlockerNG

I hate to be dense, but the ip ranges json link / file has both ip4 & ip6 data in it. Do I put it under ip4 lists or ip6 or both? Will pfSense freak out if it grabs ip6 data under an ip4 alias or is the differentiation of IP4 & ip6 in pfBlockerNG more for my (human) benefit?

General Questions / Out of state packets
« on: March 06, 2018, 01:01:26 pm »
I am having an issue with some traffic getting blocked due to packets with TCP flags, PA, RA, etc. I have read some posts here on the subject and tried their suggestions, conservative setting, setting different TCP flags in advanced settings but some packets are still getting blocked. The IPs & ports in the rules are set to pass. I think these packets are causing issues with some apps and am hoping to find how to allow these packets through. My rules are basically a white list. Individual rules of what can pass through followed by a rule blocking everything for specific machines on my internal network.

Any idea what I can do in a rule to stop these packets from being blocked?

OpenVPN / openvpn client connection issue
« on: February 15, 2018, 01:44:48 pm »
This is not an openvpn on pfsense question so apologies if wrong area. I have openvpn on my internal pfsense server so when I travel I can connect to my internal network. It works great.

I am now trying to use openvpn client on an internal machine to connect to a commercial vpn provider. The initial connection works great for the first few minutes and then disconnects and won't reconnect.

Was wondering if there could be an issue with an internal openvpn client going through a pfsense server with openvpn on it to an external openvpn server? Is there anything I need to do to the pfsense server with openvpn on it before trying to connect to another openvpn server externally?

Firewalling / Re: Tool to see what would happen
« on: November 13, 2017, 03:01:38 pm »
Thanks, just wondering. Mine doesn't change too often so I can make a quickie db with the info to search.

Thanks again

Firewalling / Tool to see what would happen
« on: November 13, 2017, 08:51:48 am »
Is there any tool or process to see what rule (if any) would take an action on a specific IP? Basically I would like to enter an IP and see what would happen to it if it were encountered as a live event. I have a lot of rules and aliases and this would help test them and the structure I have in place.

You can block a range the same way you do a single IP (firewall -> aliases -> add): An IP range such as or a small subnet such as may also be entered and a list of individual IP addresses will be generated. This is with the type staying as host(s). Just keep hitting the Add Host button to enter a new IP / Range until you are done. You can also change the type to Network(s), then an IP range such as may also be entered and a list of CIDR networks will be derived to fill the range.

If you have a list of IPs to enter you can also hit the Import button, then paste the list into the aliases to import box. The list may contain IP addresses, with or without a CIDR prefix, and IP ranges.

Then in your firewall rule under destination instead of entering the IP, enter the alias name.
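The two alias behaviours described above (a range expanded to individual hosts for the Host(s) type, a range reduced to CIDR blocks for the Network(s) type, and an Import box that accepts single IPs, CIDRs and ranges) are easy to reproduce outside pfSense when you want to check a large import before pasting it. This is an added example, not pfSense's own (PHP) implementation; the item syntax `a.b.c.d-e.f.g.h` for a range is an assumption, and the CIDR derivation is the standard largest-aligned-block walk.

```python
import ipaddress

# Added example, not pfSense code. Reproduces what the alias editor does with a range:
# Host(s) type -> every address listed; Network(s) type -> minimal CIDR cover.

def range_to_cidrs(first, last):
    """Derive the minimal list of CIDR networks covering first..last (inclusive)."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo.version != hi.version or lo > hi:
        raise ValueError("bad range %s-%s" % (first, last))
    bits = lo.max_prefixlen
    start, end, out = int(lo), int(hi), []
    while start <= end:
        # Grow the block while it stays aligned to its own size and within the range.
        size = 0
        while (size < bits and start & ((1 << (size + 1)) - 1) == 0
               and start + (1 << (size + 1)) - 1 <= end):
            size += 1
        out.append(str(ipaddress.ip_network((start, bits - size))))
        start += 1 << size
    return out

def range_to_hosts(first, last, limit=1024):
    """What the Host(s) type does: list each address; refuse absurdly large ranges."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    if hi - lo + 1 > limit:
        raise ValueError("range has %d hosts, over the %d limit" % (hi - lo + 1, limit))
    return [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]

def parse_import(text):
    """Normalise an Import-box paste (IPs, CIDRs, ranges; whitespace separated) to CIDRs.
    Assumption: a host with a prefix (10.0.0.5/24) is taken as its network."""
    nets = []
    for item in text.split():
        if "-" in item:
            a, b = item.split("-", 1)
            nets.extend(range_to_cidrs(a, b))
        else:
            nets.append(str(ipaddress.ip_network(item, strict=False)))
    return nets

if __name__ == "__main__":
    # Constructed input, not a real list.
    print(parse_import("192.0.2.7 198.51.100.0/24 10.0.0.1-10.0.0.6"))
```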

Firewalling / Limit to alias size
« on: October 03, 2017, 12:30:11 pm »
I searched the web and have found different answers from many different years. I am on the current release (2.3.4) and was wondering what the limit is on alias entries from a bulk import? The docs page just defines what an alias is but not its limits when bulk importing. How many addresses or ranges could I bulk import on a single alias and how could I search for the current answer for any new releases?

Firewalling / Re: Firewall rules enabled / disabled
« on: September 29, 2017, 10:09:22 am »
Thanks - exactly what I needed to know :)

Firewalling / Firewall rules enabled / disabled
« on: September 28, 2017, 08:02:30 pm »
I have the latest pfSense installed as my gateway. For rules I have split by machine, the 'pass' rules and then a block all. How does pfSense implement the rules? It seems that when a rule that was enabled is then disabled -> saved -> apply changes, it does not take immediate effect. Likewise when the block all rule is disabled -> saved -> apply changes, I still see events in the log that show it is blocked. Is there something else I need to do like a reload all or another step to have any changes implemented immediately? It seems that several hours can go by before a change is fully implemented. I know I can reboot the box, but that seems a bit much.

General Questions / Log entry question
« on: June 04, 2017, 12:12:19 pm »
I wrote something to parse the firewall logs that are saved to my syslog server. I am in the process of going through the logs, hopefully on a regular basis. One type of entry I have a question on. The entries are from the 'LAN' interface where the action is 'pass' and the direction of traffic is 'in'. The source IP addresses are machines on my internal network and the destination IPs are external to my network. I would think IN traffic on the LAN interface would have the destination IPs of the machines on my internal network instead of the source IPs. Is this response traffic from the machines on my internal network already sent out? I went through the Filter_Log_Format_for_pfSense_2.2 page to get the fields, but it didn't do anything for understanding how to interpret the data. Any ideas?
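The entry type asked about here is the normal one: filterlog direction is relative to the firewall, so a packet from a LAN client to the Internet is logged as "LAN pass in" (it enters the firewall on the LAN side), and the same flow can show up again as "WAN out" after NAT. Replies are matched by pf state rather than by a logged rule, so they do not get entries of their own. The parser below is an added example, not the poster's script; the field order follows my reading of the pfSense 2.2 Filter Log Format page (an assumption to verify against your own lines), and the sample lines, LAN range and interface mapping are constructed.

```python
import ipaddress

# Added example, not the poster's parser. Constructed filterlog CSV lines (syslog
# prefix already stripped); field order per the pfSense 2.2 filterlog doc (assumed).
SAMPLE_LINES = [
    "5,,,1000000103,em1,match,pass,in,4,0x0,,64,12345,0,DF,6,tcp,60,192.168.1.10,93.184.216.34,51234,443,0,S,1234567890,,65535,,mss;sackOK",
    "5,,,1000000103,em0,match,pass,out,4,0x0,,63,12345,0,DF,6,tcp,60,203.0.113.5,93.184.216.34,51234,443,0,S,1234567890,,65535,,mss;sackOK",
    "12,,,1000000203,em1,match,block,in,4,0x0,,64,0,0,DF,17,udp,61,192.168.1.20,8.8.8.8,50000,53,41",
]
LAN_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumption: your LAN range
IFACE_NAMES = {"em1": "LAN", "em0": "WAN"}           # assumption: your NIC mapping

def parse_filterlog(line):
    """Split one filterlog CSV line into the fields that matter for this question."""
    f = line.split(",")
    rec = {"rule": f[0], "tracker": f[3], "iface": IFACE_NAMES.get(f[4], f[4]),
           "reason": f[5], "action": f[6], "dir": f[7], "ipver": f[8]}
    if rec["ipver"] == "4":
        # IPv4: tos,ecn,ttl,id,offset,flags,proto-id,proto-text,length,src,dst
        rec.update(proto=f[16], src=f[18], dst=f[19])
        rest = f[20:]
    else:
        # IPv6: class,flow,hoplimit,proto-text,proto-id,length,src,dst (assumed)
        rec.update(proto=f[12], src=f[15], dst=f[16])
        rest = f[17:]
    if rec["proto"] in ("tcp", "udp"):
        rec["sport"], rec["dport"] = int(rest[0]), int(rest[1])
    if rec["proto"] == "tcp":
        rec["flags"] = rest[3]  # e.g. "S" for a new connection, "PA", "RA"
    return rec

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)

def explain(rec):
    """Label an entry by where the flow is relative to the firewall: 'in' with an
    internal source is a client's outbound packet arriving on the LAN side."""
    src_int, dst_int = is_internal(rec["src"]), is_internal(rec["dst"])
    if rec["dir"] == "in" and src_int and not dst_int:
        return "outbound flow entering on %s" % rec["iface"]
    if rec["dir"] == "out" and not src_int and not dst_int:
        return "outbound flow leaving on %s (post-NAT)" % rec["iface"]
    if rec["dir"] == "in" and not src_int:
        return "unsolicited packet arriving on %s" % rec["iface"]
    return "other"

if __name__ == "__main__":
    for rec in map(parse_filterlog, SAMPLE_LINES):
        print(rec["iface"], rec["action"], rec["dir"], rec["src"], rec["dst"], "->", explain(rec))
```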

Firewalling / Re: Firewall logging
« on: May 24, 2017, 03:12:16 pm »
Thanks for the info. I have the default rule to log traffic so I can see as much as possible. I actually think a lot of it is pfSense itself. I see a lot of port 53. It seems that there is usually a large chunk of WAN entries at the same time. Going through the logs just to make sure I understand how things work. I have not had this level of granularity before. Just newness I guess.

Thanks again for the help

Firewalling / Firewall logging
« on: May 24, 2017, 10:02:28 am »
Hi, new to pfSense and have a logging question. I am basically trying to follow who's doing what. Sometimes in the firewall log I see a LAN entry from a specific IP and its external destination, then I see the corresponding entry for the WAN interface going to the same destination and port. This is what I would expect, but that's not always the case. Obviously if it's blocked I wouldn't expect to see anything on the WAN interface and I am sure pfSense has some traffic of its own. My concern is when I see WAN entries as the source (allowed) going to external IPs with no corresponding LAN entries. What are they and where are they from?

Am I missing something or should there be a one-for-one entry when a machine on my network makes an external connection, one for the LAN interface and one for the WAN interface?
