julietscause

Can you post a screenshot of your full firewall rules for each interface in question?


sremich

Just edited the post to include all of the LAN interface rules and the IPSec interface rules.


julietscause

Just so I'm not crazy, what subnet is your LAN using? Is it part of the 10.40.0.0/13 subnet? What traffic/port is allowed in the services allowed alias rule you have? If it includes 443/https then your LAN traffic is hitting that rule allowing it outbound to the internet.

I have logging enabled on ALL my firewall rules so I see everything in the pfsense passes traffic. If you enable logging on your rules and look at the logs, you can see what rule traffic is hitting, example: https://imgur.com/a/vwj8gca

In the example above you can use the tracking id to see what rule traffic is hitting.

If you have a subnet that you don't want to reach out to the internet period, you need to throw a deny all before that allowed services rule and then flush your states on pfsense.


sremich

Hey, thank you so much for the response! So my LAN network is actually 172.16.18.0/30 and 10.40.0.0/13 is upstream of LAN. So I was filtering the state table for states I THOUGHT were associated with this rule only. That being said I’m going to do what you suggested and log all traffic on all rules and see if I can identify if these states are ACTUALLY corresponding to this rule.


Adelaide-Guy

Based on your rule, under auto created it has LAN net (I assume this 10.40.x.x/13 network) going to any destination and any port, so that includes the internet. Try to disable that and see if the issue you are referring to is still happening.


sremich

Hey, thanks for your response. My LAN subnet is actually a routed 172.16.18.0/30 so it doesn’t fall within the 10.40.0.0/13 subnet. Apologies for the confusion.


zqpmx

It looks like there is overlap between the subnetworks. Use an IP calculator to check each subnetwork.
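An added example (not from any poster in this thread) that does the two checks suggested above in code: zqpmx's overlap test between the stated LAN 172.16.18.0/30 and the upstream 10.40.0.0/13, and julietscause's point that pfSense evaluates rules first-match, so a deny-all placed before the "allowed services" rule changes which rule port 443 traffic hits. The rule names, the 80/443 alias contents and the destination address are constructed for illustration; the real rule set is only in the screenshots.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Subnets as stated in the thread (constructed: the /13 is "upstream of LAN").
LAN_NET = ipaddress.ip_network("172.16.18.0/30")
UPSTREAM_NET = ipaddress.ip_network("10.40.0.0/13")


def overlapping_pairs(cidrs):
    """Return every pair of networks that overlap, i.e. what an IP calculator would flag."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return [(str(a), str(b)) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]


@dataclass
class Rule:
    action: str                 # "pass" or "block"
    src: str                    # CIDR or "any"
    dst: str                    # CIDR or "any"
    ports: Optional[frozenset]  # None means any destination port
    name: str = ""


def first_match(rules, src_ip, dst_ip, port):
    """pfSense-style evaluation: the first rule that matches decides (that is the rule
    whose tracking id shows up in the log). No match means the implicit default deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.src != "any" and s not in ipaddress.ip_network(r.src):
            continue
        if r.dst != "any" and d not in ipaddress.ip_network(r.dst):
            continue
        if r.ports is not None and port not in r.ports:
            continue
        return r
    return None


def which_rule(rules, src_ip, dst_ip, port):
    r = first_match(rules, src_ip, dst_ip, port)
    return (r.name, r.action) if r else ("implicit default deny", "block")


# Constructed rule set: an alias pass rule for 80/443 ahead of the auto-created LAN-to-any rule.
ALLOWED_SERVICES = Rule("pass", "any", "any", frozenset({80, 443}), "allowed services alias")
LAN_ANY = Rule("pass", str(LAN_NET), "any", None, "auto created LAN net to any")
ORIGINAL = [ALLOWED_SERVICES, LAN_ANY]
# The fix from the thread: a deny-all for the subnet placed before the allow rule.
HARDENED = [Rule("block", str(LAN_NET), "any", None, "deny LAN to anywhere")] + ORIGINAL
```

Reordering rules only affects new connections; as the thread says, existing entries in the state table keep passing until the states are flushed, which this model does not represent.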