pfSense dropping packets from specific hosts (outdated bogons lists)
After a fresh pfSense install, I found out that traffic from specific hosts was being dropped when it should have been allowed based on the firewall rules I defined.
It turned out that the "Block bogon networks" option was enabled on the WAN interface, and that fresh pfSense images come with a slightly outdated bogon list.
If you are facing this problem, you have three options:
1. disable the "Block bogon networks" option at the bottom of the WAN interface page
2. after at most one week, the list will be updated automatically as long as the box is online (there is a cron entry, grep your config file for bogon)
3. if you don't want 1. and can't wait for 2, you can trigger the update process manually by running:
/etc/rc.update_bogons.sh 0

Check the output from the Status -> System Logs -> System page (I ran it from a serial console, but it should work fine by ssh or from the exec.php page too).
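To confirm that a dropped host is caught by a stale bogon entry rather than by one of your own rules, you can compare the host against the list before and after the update. The script below is an added example, not part of the original post or of pfSense; it assumes the list is plain text with one CIDR prefix per line and `#` comments, and both sample lists and all addresses are constructed.

```python
import ipaddress

# Constructed samples (not real list contents). 198.51.100.0/24 stands in
# for a prefix that the outdated list still carries and the fresh one dropped.
STALE_LIST = """\
# constructed sample: outdated list
10.0.0.0/8
192.168.0.0/16
198.51.100.0/24
"""
FRESH_LIST = """\
# constructed sample: updated list
10.0.0.0/8
192.168.0.0/16
"""

def parse_bogons(text):
    """Return the networks in a bogon list, skipping comments and blank lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def matching_prefix(ip, nets):
    """Return the most specific listed prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def explain_drops(hosts, old_text, new_text):
    """Map each host to (blocking prefix in old list, blocking prefix in new list)."""
    old, new = parse_bogons(old_text), parse_bogons(new_text)
    return {h: (matching_prefix(h, old), matching_prefix(h, new)) for h in hosts}

if __name__ == "__main__":
    hosts = ["198.51.100.7", "203.0.113.9", "10.1.2.3"]  # constructed addresses
    for host, (before, after) in explain_drops(hosts, STALE_LIST, FRESH_LIST).items():
        if before and not after:
            verdict = f"blocked only by the outdated list ({before})"
        elif after:
            verdict = f"still a bogon after the update ({after})"
        else:
            verdict = "not on either list, check your own rules"
        print(f"{host}: {verdict}")
```

A host reported as blocked only by the outdated list is the case described in this post; a host that is on neither list is being dropped for some other reason.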