
Topic: Firewall blocking not working


nexusN
Firewall blocking not working
« on: February 19, 2012, 02:11:21 am »
I have set my router to sleep after being idle for 3 minutes and to wake on pattern match; this allows transparent on and off for convenience as well as power saving.

However, as you may know, there are many annoying crawlers on the web.
For FTP, I forward the requests from the WAN side to my server on the LAN by NAT.
On observing, I spotted an IP frequently disturbing my server, so I tried to block it by setting up a rule.

However, it never worked; the IP can still sexually harass my server as he likes.
Any idea? Or my setting is wrong?  :-\

Update: On further searching, I find that the order of the firewall rules may matter.
Previously the blocking rule was at the end of the firewall rule listing.
Just now I moved all allowing rules to the end of the rule list; let's see if this helps.
« Last Edit: February 19, 2012, 02:43:52 am by nexusN »

chpalmer
Re: Firewall blocking not working
« Reply #1 on: February 19, 2012, 02:29:51 am »
Quote from nexusN: I find that the order of the firewall rules may matter

Not may... Does! I generally put the bad ones on top of the entire list... They don't get to do nuttin'!
P.S. statements made by me are not necessarily condoned by the management of this fine organization.
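The point chpalmer makes is worth seeing concretely. pfSense installs every rule from the GUI with pf's "quick" keyword, so rules are evaluated top to bottom and the first one that matches decides the packet; later rules are never consulted. Because pf applies the port-forward (rdr) translation before filtering, the WAN rule sees the LAN server as the destination. The following is an added example that models that first-match evaluation; it is not code from this thread or from pfSense, and the addresses, ports and rule labels are assumptions chosen for the demonstration.

```python
"""First-match evaluation of an ordered firewall rule list (added example, not pfSense code).

Models what pfSense does with its 'quick' rules: the first matching rule wins.
All addresses, ports and labels below are assumptions for the demo.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # destination port, None means any port
    label: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str               # post-NAT destination: pf translates rdr before filtering
    dport: int


def _addr_matches(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.proto == "any" or rule.proto == pkt.proto)
            and _addr_matches(rule.src, pkt.src)
            and _addr_matches(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules, pkt: Packet, default: str = "block"):
    """Return (action, rule) for the first matching rule, or the implicit default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule
    return default, None


BAD_IP = "203.0.113.45"        # assumed crawler address (documentation range)
FTP_SERVER = "192.168.1.10"    # assumed LAN host behind the FTP port forward

block_bad = Rule("block", "any", BAD_IP + "/32", "any", None, "block crawler")
allow_ftp = Rule("pass", "tcp", "any", FTP_SERVER + "/32", 21, "NAT: FTP to LAN server")

original_order = [allow_ftp, block_bad]   # block rule at the bottom, as in the first post
fixed_order = [block_bad, allow_ftp]      # block rule on top, as chpalmer recommends

crawler_ftp = Packet("tcp", BAD_IP, FTP_SERVER, 21)
other_ftp = Packet("tcp", "198.51.100.7", FTP_SERVER, 21)

if __name__ == "__main__":
    for name, rules in (("original", original_order), ("fixed", fixed_order)):
        for pkt in (crawler_ftp, other_ftp):
            action, rule = evaluate(rules, pkt)
            why = rule.label if rule else "default deny"
            print(f"{name:8} {pkt.src:>15} -> :{pkt.dport}  {action:5} ({why})")
```

With the original order the crawler's connection to port 21 hits the pass rule created for the port forward and never reaches the block rule; with the block rule on top the same packet is dropped while other clients still pass. The same applies to the GUI list in pfSense: drag the block rule above the NAT-associated pass rule and apply the changes.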

Cry Havok (Global Moderator)
Re: Firewall blocking not working
« Reply #2 on: February 19, 2012, 03:19:04 am »
Can you post a screenshot of your WAN rules please.
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.

nexusN
Re: Firewall blocking not working
« Reply #3 on: February 19, 2012, 03:22:20 am »
Quote from Cry Havok: Can you post a screenshot of your WAN rules please.

Thanks for the help:

Just changed it by moving those allowing rules to the end, as mentioned in the update.
« Last Edit: February 19, 2012, 03:25:25 am by nexusN »

nexusN
Re: Firewall blocking not working
« Reply #4 on: February 19, 2012, 04:02:51 am »
Sorry for an additional question that has just come to my concern:

What exactly is causing the requests from 192.168.11.100?
My DHCP server has only one allowed range (Available range 192.168.1.1 - 192.168.1.254);
there shouldn't be a 192.168.11.100 on the LAN, and it is unlikely to be on the WAN.

It is blocked, yet it has kidnapped my Firewall Blocking Logs and I can hardly use the logs as an effective reference for problem solving.
Would you share your ideas on it?
Thanks for the attention.
« Last Edit: February 19, 2012, 05:55:18 am by nexusN »

Cry Havok (Global Moderator)
Re: Firewall blocking not working
« Reply #5 on: February 19, 2012, 05:17:46 am »
You have a device with that IP (192.168.11.100) on your LAN. Check your ARP logs to see what the MAC is, that coupled with the OUI tables, may tell you what the device is. As a hint, a quick Google search tells me that port 1900/UDP is for SSDP.
If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.
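Before looking up the MAC, it helps to get a count of what is actually filling the block log, so that one chatty host is not mistaken for the crawler problem. The script below is an added example, not pfSense code and not something posted in this thread. Its sample lines are constructed to match the CSV "filterlog" format pfSense has used since 2.2 (this thread is from the 2.0 era, whose log layout differed); the interface names, addresses, rule numbers and tracker IDs in them are assumptions for the demonstration. It tallies blocked entries by source, protocol and destination port, and flags any inbound LAN sender whose address is outside the LAN subnet, which is exactly the 192.168.11.100 / UDP 1900 (SSDP) case above.

```python
"""Triage pfSense filter-log lines to see what is flooding the block log (added example).

Sample lines are constructed in the CSV 'filterlog' layout of pfSense 2.2+:
rule,subrule,anchor,tracker,iface,reason,action,dir,ipver, then for IPv4
tos,ecn,ttl,id,offset,flags,proto-id,proto, then length,src,dst, then for
tcp/udp sport,dport,datalen,... Interface names, addresses and rule/tracker
numbers are assumptions for the demo.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample: six SSDP multicasts from a host on the wrong subnet arriving
# on LAN (em1) and dropped by the default deny, two crawler hits on the FTP forward
# on WAN (em0) now blocked by the reordered rule, and one legitimate passed FTP SYN.
SAMPLE_LOG = """\
Feb 19 04:01:00 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,4,0,0,none,17,udp,229,192.168.11.100,239.255.255.250,1900,1900,209
Feb 19 04:01:05 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,4,0,0,none,17,udp,229,192.168.11.100,239.255.255.250,1900,1900,209
Feb 19 04:01:10 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,4,0,0,none,17,udp,229,192.168.11.100,239.255.255.250,1900,1900,209
Feb 19 04:01:15 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,4,0,0,none,17,udp,229,192.168.11.100,239.255.255.250,1900,1900,209
Feb 19 04:01:20 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,4,0,0,none,17,udp,229,192.168.11.100,239.255.255.250,1900,1900,209
Feb 19 04:01:25 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,4,0,0,none,17,udp,229,192.168.11.100,239.255.255.250,1900,1900,209
Feb 19 04:02:10 fw filterlog: 71,,,1329640000,em0,match,block,in,4,0x0,,52,4711,0,DF,6,tcp,60,203.0.113.45,192.168.1.10,51234,21,0,S,1,,,
Feb 19 04:02:40 fw filterlog: 71,,,1329640000,em0,match,block,in,4,0x0,,52,4712,0,DF,6,tcp,60,203.0.113.45,192.168.1.10,51235,21,0,S,1,,,
Feb 19 04:03:00 fw filterlog: 72,,,1329640001,em0,match,pass,in,4,0x0,,52,9001,0,DF,6,tcp,60,198.51.100.7,192.168.1.10,40000,21,0,S,1,,,
"""

FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?:\s*(?P<csv>\S.*)$")


def parse_filterlog(line: str):
    """Return a dict for one IPv4 filterlog line, or None for anything else."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 20 or f[8] != "4":
        return None                      # IPv6 entries use a different layout; skipped here
    rec = {
        "tracker": f[3], "iface": f[4], "action": f[6], "dir": f[7],
        "proto": f[16].lower(), "src": f[18], "dst": f[19],
        "sport": None, "dport": None,
    }
    if rec["proto"] in ("tcp", "udp") and len(f) >= 22:
        rec["sport"], rec["dport"] = int(f[20]), int(f[21])
    return rec


def triage(lines, lan_iface: str, lan_net: str):
    """Summarise blocked traffic and flag inbound LAN senders outside the LAN subnet."""
    net = ip_network(lan_net)
    blocked = [r for r in map(parse_filterlog, lines) if r and r["action"] == "block"]
    talkers = Counter((r["src"], r["proto"], r["dport"]) for r in blocked)
    strangers = sorted({r["src"] for r in blocked
                        if r["iface"] == lan_iface and r["dir"] == "in"
                        and ip_address(r["src"]) not in net})
    return {"blocked": len(blocked), "top": talkers.most_common(3), "strangers": strangers}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG.splitlines(), lan_iface="em1", lan_net="192.168.1.0/24")
    print(f"blocked entries: {result['blocked']}")
    for (src, proto, dport), n in result["top"]:
        print(f"  {n:4d}  {src:>15}  {proto}/{dport}")
    print("LAN senders outside the LAN subnet:", ", ".join(result["strangers"]) or "none")
```

Once the noisy address is known, Diagnostics > ARP Table in the pfSense GUI (or "arp -a" from the shell) gives its MAC, and the first three bytes of that MAC are the OUI to look up, as Cry Havok suggests. A narrower remedy than switching off default-rule logging altogether is the one chpalmer describes below: a dedicated block rule on LAN for that source (or for destination port 1900) with logging disabled, which keeps the default-deny log useful for everything else.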

nexusN
Re: Firewall blocking not working
« Reply #6 on: February 19, 2012, 05:32:12 am »
Quote from Cry Havok: You have a device with that IP (192.168.11.100) on your LAN. Check your ARP logs to see what the MAC is, that coupled with the OUI tables, may tell you what the device is. As a hint, a quick Google search tells me that port 1900/UDP is for SSDP.

Thanks for the idea, I will study it later; for now I have just unticked the box "Log packets blocked by the default rule" and the problem seems to no longer appear... I may take this as a temporary solution so that I can first focus on tackling the crawlers.

chpalmer
Re: Firewall blocking not working
« Reply #7 on: February 19, 2012, 02:31:11 pm »

I have a customer that used a Linksys router as an access point. It overran the logs with those same requests until we put a firewall rule in place. But since it would still pass traffic while having the wrong subnet on it, my bet is yours is also an AP or other router used as an AP...

P.S. statements made by me are not necessarily condoned by the management of this fine organization.

nexusN
Re: Firewall blocking not working
« Reply #8 on: February 19, 2012, 07:19:05 pm »

Quote from chpalmer: I have a customer that used a Linksys router as an access point. It overran the logs with those same requests until we put a firewall rule in place. But since it would still pass traffic having the wrong subnet on it my bet is yours is also an AP or other router used as an AP...

Thanks for the reminder; it is exactly that, caused by the Buffalo router acting as a wireless switch.
Unplugging it solved the problem; I will see how to make it work without this issue.

nexusN
Re: Firewall blocking not working
« Reply #9 on: February 24, 2012, 10:08:42 pm »
For the original issue, thanks for your help and the information on the forum;
it was solved awesomely by re-ordering the rule list, putting the blocking rules at the top.

I would suggest that pf put all new block rules on top of any allowing rules by default, so that ignorance like mine will no longer appear :D