I wanted to lock down a list of LAN servers to external roaming users with dynamic IPs. I created a bunch of NO-IP trackers, well, 60 of them, and distributed them to the users' computers. Then I created an allow rule to let that alias list of FQDNs in to an alias server list on the local LAN, followed by a block rule for anything else. This seemed to work well. I also lowered the time value at which pfSense resolves the FQDNs down to 2 minutes. At the end of the user alias list I also added some static IPs of external sites where users worked and needed to be let through.
Shortly after I added the statics, the allow rule started failing for those statics, i.e. the firewall block rule started blocking a couple of them; I think there were about 6 altogether. In the end I had to add separate allow rules for the static IP to be let through. Has anyone else had this behaviour or know why this might happen? Currently on 2.4.5.
Hey Tom, thanks for the reply. We run a lot of services from our building 24/7, so don't like to have it down at any point. However, we do have an exact hardware replica of the Dell R610 it's running on, which is on the latest version and just sits in the wings in case of failure. We do intend to swap it over to that at some point one weekend shortly; hopefully that might make a difference to the issues we're seeing. Like I said to Paul, I will look into WireGuard and Tailscale anyhow, as we do use pfSense VPNs for other applications.