pfSense – How to Block a Ping Immediately


I am having an issue with pfSense…

I have a rule that blocks ping (ICMP echo requests) from the LAN interface to an OpenVPN client interface (OVP1). The rule works fine and blocks the ping to the prohibited network…

For example, if I start a ping from a machine to the prohibited network, it shows:

Timed out.
Timed out.
Timed out.

When I disable the rule, obviously:

Answer from...
Answer from...
Answer from...

Which I think is perfectly correct.

But then, when I re-enable the block rule, the ping does not stop, unless I stop the ping on the machine before changing the rule. I tried waiting a few minutes, thinking pfSense needed to reload the rules, but the ping kept running. So what I am seeing is that it is impossible to stop a ping that is already running, even if I block all firewall traffic on all interfaces. I find this very unexpected, as until now I have been using other firewalls like iptables, Endian, or the Cisco ASA. Other protocols do not seem to have this issue.

I am creating the rule as a floating rule and checking "Apply the action immediately on match." I tried creating it in the LAN tab too, but the effect was exactly the same.

On Endian FW, for example, I am able to stop the ping immediately when the rule is re-enabled.

What is wrong with me?

Best Answer

I got the answer on the pfSense forum:

Established states are not affected by rule changes. Kill them first via Diagnostics -> States.

https://forum.netgate.com/topic/137097/how-to-block-a-running-ping/2
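The same thing the Diagnostics -> States page does can be done from the pfSense shell with `pfctl`. The script below is an added example, not code from the forum thread or from the pfSense project: it scans the state table for ICMP states originating at a LAN host and builds the `pfctl -k <src> -k <dst>` command that removes them, so a re-enabled block rule takes effect on the next echo request. The state-table lines are a constructed sample that mimics the layout of `pfctl -ss` (interface, protocol, src:port -> dst:port, state); on a real box you would feed `pfctl -ss` into the same `awk`. The host addresses are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original post): locate lingering ICMP states and
# produce the pfctl command that kills them, i.e. what Diagnostics -> States does.

# Constructed sample of `pfctl -ss` output. The column layout follows pfSense's
# state dump, but these lines are hand-written for this example.
SAMPLE_STATES='all icmp 192.168.1.10:37100 -> 10.8.0.5:37100       0:0
all tcp 192.168.1.10:51234 -> 10.8.0.5:22       ESTABLISHED:ESTABLISHED
all icmp 192.168.1.20:37101 -> 10.8.0.6:37101       0:0
all udp 192.168.1.10:53211 -> 192.168.1.1:53       MULTIPLE:SINGLE'

# state_table: on a real firewall replace the printf with `pfctl -ss`.
state_table() {
    printf '%s\n' "$SAMPLE_STATES"
}

# is_ipv4 ADDR: only accept a dotted quad, so nothing untrusted is ever
# spliced into the pfctl command line.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# icmp_states_from SRC: print the destination host of every ICMP state whose
# source is SRC. Only ICMP is selected; the TCP/UDP states are left alone.
icmp_states_from() {
    state_table | awk -v src="$1" '
        $2 == "icmp" {
            split($3, s, ":"); split($5, d, ":")
            if (s[1] == src) print d[1]
        }'
}

# kill_cmd SRC DST: the pfctl invocation that removes all states from SRC to
# DST. Fails (returns 1) rather than emit a command for a malformed address.
kill_cmd() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    printf 'pfctl -k %s -k %s\n' "$1" "$2"
}

# Demonstration: list the kill commands for the pinging LAN host. Pipe the
# output into `sh` on the firewall to actually clear the states.
LAN_HOST=192.168.1.10
for dst in $(icmp_states_from "$LAN_HOST"); do
    kill_cmd "$LAN_HOST" "$dst"
done
```

Once the ICMP state is gone, the next echo request is evaluated against the rule set again and hits the block rule; the same applies to any long-lived flow (an SSH session, for instance) that was established while a permissive rule was in place.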