I have PIA set up on my pfSense box with policy routing. Everything is working fine: my aliased hosts go out through the PIA gateway. My problem is I can’t get the killswitch to work at all in floating rules. If I create a block rule under the LAN tab and place it under the allow host rule for PIA and above the LAN to any WAN rule, when the PIA VPN disconnects the killswitch works as intended; however, as soon as the PIA VPN reconnects it moves my block rule to the bottom of the rule list and it no longer works until I manually move it back. Any help would be appreciated.
Not too clear on your setup; however, I have a VPN running on its own VLAN, and if the VPN connection goes down all traffic stops. I haven’t added any rules which differ from my ISP VLAN rules other than the gateway. However, under System > Advanced > Miscellaneous > Gateway Monitoring I have checked the “Skip rules when gateway is down” option.
I think if you have all your traffic on the same LAN you will always be at risk of traffic leaking if you make a config error; splitting out the network is a better idea, or even running a VPN client on the device would be better.
The rules don’t change order unless something changes them, such as pfBlocker.
Thanks Tom, this may very well be my issue: in pfBlocker I had changed the Firewall Auto Rule Order to
| pfb_Pass/Match | pfb_Block/Reject | pfSense Pass/Match | pfSense Block/Reject |. I have now changed it back to the default order for testing. I’ll update my findings later. Thank you for the advice; this was gonna be my next step but I needed a break from it lol.
Hey Tom, pfBlocker was the issue; it is now working with the block rule in the LAN tab. I still can’t get it to work as a tagged floating rule, oh well.
Thank you for the suggestion!!
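A small Python model of first-match rule evaluation and of the pfBlockerNG auto rule order quoted above, added here as an example; it is not from the thread nor from pfSense or pfBlockerNG. It assumes that rule order sorts every pfSense Block/Reject rule after every pfSense Pass/Match rule (consistent with the block rule landing at the bottom), and models pfSense's gateway-down handling: a policy-routing pass rule whose gateway is down is loaded without its gateway unless "Skip rules when gateway is down" is set, in which case it is not loaded at all. The rule names, aliases and gateway names are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    name: str
    action: str                 # "pass" or "block"
    src: str                    # source alias, or "any"
    gateway: Optional[str]      # policy-routing gateway; None = default route (WAN)
    origin: str = "pfSense"     # "pfSense" (admin rule) or "pfB" (pfBlockerNG auto rule)

def evaluate(rules: List[Rule], src: str, gateways_up: set,
             skip_when_down: bool) -> Tuple[str, Optional[str]]:
    """First-match evaluation of one interface tab. A pass rule whose gateway is
    down is dropped from the loaded ruleset when 'Skip rules when gateway is
    down' is set; otherwise it is loaded without the gateway, so the traffic
    takes the default route (assumed here to be WAN)."""
    for r in rules:
        if r.src not in ("any", src):
            continue
        if r.action == "block":
            return ("block", None)
        if r.gateway is not None and r.gateway not in gateways_up:
            if skip_when_down:
                continue            # rule not loaded at all
            return ("pass", "WAN")  # loaded with gateway stripped: the leak
        return ("pass", r.gateway or "WAN")
    return ("block", None)          # implicit default deny

# The auto rule order quoted in the thread, modelled as a stable sort into groups
# (assumption: rules keep their relative order inside each group).
PFB_ORDER = ["pfB pass", "pfB block", "pfSense pass", "pfSense block"]

def auto_order(rules: List[Rule], order: List[str] = PFB_ORDER) -> List[Rule]:
    return sorted(rules, key=lambda r: order.index(f"{r.origin} {r.action}"))

# Constructed LAN tab in the order the admin placed the rules.
LAN_AS_PLACED = [
    Rule("PIA hosts out via VPN", "pass", "pia_hosts", "PIA_VPN"),
    Rule("Kill switch", "block", "pia_hosts", None),
    Rule("LAN to any", "pass", "any", None),
]

def outcome(rules: List[Rule], vpn_up: bool, skip_when_down: bool):
    """What happens to traffic from a PIA-routed host under this ruleset."""
    up = {"WAN", "PIA_VPN"} if vpn_up else {"WAN"}
    return evaluate(rules, "pia_hosts", up, skip_when_down)

if __name__ == "__main__":
    for label, rules in (("as placed", LAN_AS_PLACED),
                         ("pfB auto-ordered", auto_order(LAN_AS_PLACED))):
        for skip in (True, False):
            print(label, "| VPN down | skip-when-down =", skip,
                  "->", outcome(rules, False, skip))
```

With the VPN down, only the admin-placed order combined with the skip option ends in a block; the auto-ordered tab passes the traffic out of WAN through the "LAN to any" rule, which is the leak described in the thread.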