Bug #7090

closed

Firewall rule is ignored when action is pass

Added by Walter Steinlein over 8 years ago. Updated over 8 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 01/05/2017
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:

Description

Hi,

I've got a firewall rule that reads:

States  Protocol  Source  Port  Destination      Port  Gateway  Queue  Schedule  Description  Actions
        IPv4 *    *       *     172.31.255.0/24  *     *        none

172.31.255.0/24 being a static route through another route in my network:

netstat -r
[...]
172.31.255.0 192.168.178.252 UGS re0
[...]

If I now try to, let's say, access port 80 on a server in the 192.168.178.0/24 network, the firewall log tells me my packet was blocked and the rule that triggered the block action is exactly the rule mentioned above. So far so good.

Now I edit the rule and change the action from block to pass, assuming this would allow me access to the same port 80 which has been blocked until now. But after reloading the rules the firewall log tells me that my packet was dropped:

The rule that triggered this action is: @5(1000000103) block drop in log inet all label "Default deny rule IPv4"

Ticking 'Bypass firewall rules for traffic on the same interface' in System/Advanced/Firewall & NAT allows my packet to go through, but of course that defeats the purpose.
Also: It does work for ICMP packets (those are not blocked by the "Default deny rule IPv4" rule).

pfSense version is 2.3.2-RELEASE-p1, and it worked fine with the latest 2.2 release.

Actions #1

Updated by Jim Pingle over 8 years ago

  • Status changed from New to Not a Bug

Configuration error. Post on the forum for discussion.
