Bug #10921
closed
Firewall rule removed and activated, but still active
Description
Hello everybody,
I'm currently testing pfSense in my laboratory. I couldn't ping the WAN interface, which is correct. For my tests I created a firewall rule to reach the WAN interface via ping. After my tests, I removed this newly created rule, but I was still able to ping the WAN interface. The WAN interface was only blocked again via ping after restarting the VM.
Details
My test VM only had one WAN interface during the initial setup. I needed a ping on the WAN interface for tests. For the new ping-allow rule, a new rule was created under "Firewall / Rules / WAN" and the following was defined: "Action: pass" and "Protocol: icmp". The ping-allow rule was saved with "Save" and then activated with "Apply Changes". Then a ping on the WAN interface was possible, as the rule should do. Then I wanted to remove the ping-allow rule again and found the following: despite deactivating or deleting the ping-allow rule (with "Save" and "Apply Changes"), and although the deletion or deactivation was successfully applied, it was still possible to ping the WAN interface while pfSense was running. Only a restart restored the initial state: ping to the WAN interface was rejected/blocked.
I always had the same behavior with three installations. It was installed with pfSense-CE-2.4.4-Release-p1-amd64.iso and was always updated immediately to 2.4.5_1. The VM has 4 GB RAM and 2 CPU cores. libvirt was used on Debian buster 10.5 as the hypervisor.
Please check the relevance of the circumstances when the opportunity arises. Thank you very much.
Jens Bauer