Hi Keenan,
thanks for the quick answer.
I know that packets don't arrive via static routes. It was only a bad
description of the problem.
All static routes are created on the WAN interface. I don't know if it
is important for this case, but I'm using CARP for all interfaces to
create a HA router/firewall.
Here are some more details:

Interfaces
~~~~~~~~~~
WAN em0: xxx.xxx.196.108/28
WAN CARP: xxx.xxx.196.110/28
VLAN128 bge0: xxx.xxx.196.130/26
VLAN128 CARP: xxx.xxx.196.129/26

Static routes
~~~~~~~~~~~~~
dev:WAN net:xxx.xxx.92.0/19 gw:xxx.xxx.196.107
dev:WAN net:xxx.xxx.93.0/19 gw:xxx.xxx.196.107

Not working rules
~~~~~~~~~~~~~~~~~
WAN: Block, ICMP, src: any, dst: any

Regards
Bastian
Keenan Tims wrote:
>> If a packet arrives from a network via a static route all firewall
>> rules are ignored. Everything passes. :-(
>> If the Packets arrive via the default route it works as expected.
>
> Packets don't arrive 'from' a static route; the static routes only
> affect outgoing traffic. Incoming packets will arrive on an interface
> and have a source and destination (end machine) address that you can use
> to filter them. As long as the rule is created on the *interface* the
> traffic arrives on, and has the appropriate filters set, it should apply
> to any traffic regardless of routing tables. Same goes for outgoing
> traffic destined to other routers.
>
> Is this not what's happening? If not, can you give us more information
> (what interface it arrives on, what you want to block and address and
> rule details), as your rules probably just need some tweaks.
>
> Keenan