OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Is this on purpose????
« previous next »
  • Print
Pages: [1]

Author Topic: Is this on purpose????  (Read 444 times)

OBOne

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Is this on purpose????
« on: November 16, 2016, 04:32:17 pm »
I am new to this project and i am correctly testing this release.

Versions    OPNsense 16.7.8-amd64
FreeBSD 10.3-RELEASE-p11
OpenSSL 1.0.2j 26 Sep 2016

One thing i have found is if i ping 8.8.8.8 and i make a rule that blocks all ICMP and apply it, it still pings without problems?!?!?!? but if i kill the session on the client pc at try again it can't ping as expected!
Q: When i apply a rule like this should-en it KILL all sessions right away?

Regards
Martin
Logged

Phazor

  • Newbie
  • *
  • Posts: 1
  • Karma: 1
    • View Profile
Re: Is this on purpose????
« Reply #1 on: November 17, 2016, 05:35:07 pm »
If the connection is already active a rule change will not sever the connection until it is released and then attempted again. This is true of most all firewalls.
Logged

fabian

  • Hero Member
  • *****
  • Posts: 1251
  • Karma: 101
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Is this on purpose????
« Reply #2 on: November 17, 2016, 06:24:02 pm »
You can kill the states by resetting the state table if you like but this will break your active connections
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • Is this on purpose????
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2018 All rights reserved
  • SMF 2.0.15 | SMF © 2017, Simple Machines | XHTML | RSS | WAP2