OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: vincent0 on February 19, 2022, 09:35:11 pm

Title: Question about multiple port alias and firewall rules
Post by: vincent0 on February 19, 2022, 09:35:11 pm
Hi there,

I have a question about a multiple port alias and firewall rule. Here is an example:
- I want to open a DMZ HTTP proxy server using IPv6 to public WAN
- So I need to open HTTP (80) and HTTPS (443)

To do this:
- I create an alias for the proxy server IPv6
- I create a multiple port alias for HTTP and HTTPS
- I create a rule on the WAN interface allowing incoming connections on IPv6 to the proxy server, using the IPv6 alias for destination and the multiple port alias to allow both HTTP and HTTPS in the same rule

--> This only allows HTTP (because it is the first port in the multiple port alias).

To have HTTPS working, I need to create a second rule with only HTTPS, and let only HTTP in first rule.
And I don't want to allow a range from 80 to 443, only 80 and 443.

Is a multiple port rule allowed in OPNsense? If yes, how do I do this? According to the web interface, only one port is allowed in destination port (or a port range, but not a multiple port alias, or this is not working).

Seems to be the case in pfSense to use multiple port aliases.

Many thanks

Title: Re: Question about multiple port alias and firewall rules
Post by: Saarbremer on February 21, 2022, 05:50:01 pm
When you unfold the "Automatically generated rules" on the LAN rules page, you'll see that the "anti-lockout rule" uses 3 different ports, and it will work, as you can see when clicking "inspect". It will show you some passed bytes and packets.

Did you enable logging for the rules and check with protocol view what actually happened?