We are trying to find out. So do what was suggested, delete all rules and reboot. If you still have full access on the openvpn interface it might be a bug or a limitation (which I can't say for sure right now).
Holger

> -----Original Message-----
> From: Kyle Mott [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 13, 2006 10:09 PM
> To: [email protected]
> Subject: Re: [pfSense Support] OpenVPN Clients and FW ACL's
>
> That's not an option. Rules are rules, and it should be blocking the
> traffic. All of my other rules on other interfaces work as expected.
>
> Can someone tell me if this is a bug?
>
> -Kyle
>
> Rob Terhaar wrote:
> > How about if you take all the rules out for the openvpn connection,
> > reboot the system, and see what your firewall does then?
> >
> > On 9/12/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
> >
> > I've attached a JPG. Even with that ACL, I can get to RDP on my main
> > box on the LAN interface from any OVPN client. I followed the HowTo,
> > but the HowTo says to leave everything open for testing. After I got
> > done with testing, I removed the "generic" rules, and tried to only
> > allow access to specific hosts/ports/protocols, which doesn't seem to
> > be working as I would expect.
> >
> > -Kyle
> >
> > Rob Terhaar wrote:
> > > Did you follow the howto on the wiki to get openvpn setup?
> > > what does your firewall ruleset look like for your openvpn
> > > interface on the pfsense?
> > >
> > > On 9/12/06, Kyle Mott <[EMAIL PROTECTED]> wrote:
> > >
> > > Hi,
> > >
> > > I'm noticing that no matter what kind of block statements I put on
> > > my LAN or TUN0 interface, my OpenVPN clients can always get to
> > > anything it wants on the LAN interface (and vice versa). Is this
> > > normal behaviour? I was hoping to have a bit more granular control
> > > over what clients can access when they are connected. I'm running
> > > RC2.
> > >
> > > -Kyle

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
