Author Topic: Outbound connections blocked by Default deny rule  (Read 4853 times)

JohnnyBeee

Outbound connections blocked by Default deny rule
« on: August 09, 2018, 08:40:21 am »
I checked my firewall log and noticed the occasional entry for blocked connections from devices on my LAN to the internet or even to my DMZ due to the "Default deny rule".
Examples:
   lan   Aug 9 07:34:55   192.168.1.oo:23916   104.95.229.140:443   tcp   Default deny rule
   lan   Aug 9 07:17:23   192.168.1.nn:57579   52.85.221.90:80   tcp   Default deny rule
   lan   Aug 9 05:53:22   192.168.1.nn:52329   192.168.3.xx:80   tcp   Default deny rule

I checked the connection from the LAN device 192.168.1.nn to the DMZ (192.168.3.xx:80) and it worked.
How can this default rule apply to those connections and not to all my connections?
Where can we check these default rules and possibly change them?


franco

Re: Outbound connections blocked by Default deny rule
« Reply #1 on: August 09, 2018, 11:20:02 am »
When the connections operate outside of the state tracking plausibility bounds they will be terminated by the default rule. It can happen with loops, excessive retransmissions or asymmetric traffic.

You can turn off state tracking if this is relevant or inspect the involved networks / devices for network setup issues.


Cheers,
Franco

JohnnyBeee

Re: Outbound connections blocked by Default deny rule
« Reply #2 on: August 09, 2018, 02:47:04 pm »
Quote from: franco on August 09, 2018, 11:20:02 am
When the connections operate outside of the state tracking plausibility bounds they will be terminated by the default rule. It can happen with loops, excessive retransmissions or asymmetric traffic.

You can turn off state tracking if this is relevant or inspect the involved networks / devices for network setup issues.


Cheers,
Franco

Thank you.

How do I turn off state tracking?

franco

Re: Outbound connections blocked by Default deny rule
« Reply #3 on: August 11, 2018, 01:44:15 pm »
In the pass rule that is supposed to pass your traffic, go to advanced settings and change state tracking to "none".


Cheers,
Franco
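
Added example, not part of the thread and not OPNsense or pf code: a simplified Python model of a stateful filter, showing why a packet that no longer matches a tracked state falls through to the default deny rule and what changes when the pass rule keeps no state. The addresses, the 60-second idle timeout and the SYN-only match for new stateful connections are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str      # "ip:port"
    dst: str      # "ip:port"
    flags: str    # TCP flags: "S", "SA", "A", "FA", "R"
    t: float      # seconds since the start of the trace

class Filter:
    """One pass rule for TCP to allowed_ports, followed by a default deny."""
    def __init__(self, allowed_ports, keep_state=True, idle_timeout=60.0):
        self.allowed_ports = set(allowed_ports)
        self.keep_state = keep_state
        self.idle_timeout = idle_timeout   # assumed value for the model
        self.states = {}                   # {src, dst} -> time of last packet

    def check(self, pkt):
        key = frozenset((pkt.src, pkt.dst))
        last = self.states.get(key)
        if last is not None and pkt.t - last > self.idle_timeout:
            del self.states[key]           # idle too long: state is gone
            last = None
        if last is not None:               # both directions match the state
            if "R" in pkt.flags:
                del self.states[key]       # a reset tears the state down
            else:
                self.states[key] = pkt.t
            return "pass (state)"
        port = int(pkt.dst.rsplit(":", 1)[1])
        if port in self.allowed_ports:
            if not self.keep_state:
                return "pass (rule, no state)"   # any flags, nothing remembered
            if pkt.flags == "S":                 # only a SYN may open a state
                self.states[key] = pkt.t
                return "pass (rule, state created)"
        return "Default deny rule"

# Constructed trace: handshake, then a FIN sent long after the state expired.
CLIENT, SERVER = "192.0.2.10:52329", "198.51.100.7:443"
TRACE = [Packet(CLIENT, SERVER, "S", 0.0), Packet(SERVER, CLIENT, "SA", 0.1),
         Packet(CLIENT, SERVER, "A", 0.2), Packet(CLIENT, SERVER, "FA", 300.0)]

def run(keep_state):
    fw = Filter({80, 443}, keep_state=keep_state)
    return [fw.check(p) for p in TRACE]

if __name__ == "__main__":
    for mode in (True, False):
        print("keep_state =", mode, run(mode))
```

With state tracking off the late FIN passes, but the server's reply no longer matches anything and needs a pass rule of its own.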