OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: oceanpassage on October 11, 2019, 12:51:33 am

Title: Firewall Rule with Specified Gateway Modified by Default When Gateway is Down
Post by: oceanpassage on October 11, 2019, 12:51:33 am
I was shocked to find out that my firewall rules with a specific gateway defined were being silently ignored by default when that gateway was down.  I was downright PO'ed by this because I had diligently searched all defaults and specifically read the following under Firewall Settings:

"Skip rules    Skip rules when gateway is down" -- with the check mark unchecked.  Which would mean to any normal person that checking it means to enable skipping rules when the gateway is down.  But no, it means just the opposite!  Read carefully the contorted explanation, if one would ever check the detailed description, which you wouldn't because the initial explanation is so deceptively clear:

"By default, when a rule has a specific gateway set, and this gateway is down, rule is created and traffic is sent to default gateway. This option overrides that behavior and the rule is not created when gateway is down"   -- COMPLETELY OPPOSITE TO THE READING OF THE SHORT EXPLANATION ABOVE.

The end result is many of you out there are believing that your rules are routing your private traffic over a VPN, but for months or perhaps even longer, if your VPN is down or, due to an upgrade, the VPN client service is shut off, OPNsense silently routes your traffic to the default network.  Not even the firewall logs alert you.  They even show the defined gateway rules still executing properly.

Whose side are the developers on here?  I originally stopped using pfSense because of the same horrendous security sellouts.  And now it's here!
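The behaviour the post complains about can be modelled to see exactly where traffic ends up. The following is an added example written for this page; it is not OPNsense code and the rule, gateway and function names are constructed. It encodes the two settings of "Skip rules when gateway is down" as the quoted help text describes them, assumes first-match rule evaluation (a modelling assumption), and goes one step beyond the post: it shows that enabling the option alone is not enough when a permissive catch-all rule sits below the policy-routed rule, because the skipped rule's traffic then falls through to that rule and still leaves via the default gateway. The `leak_risks` audit flags both the documented fallback and that fall-through, and the block-rule guard shows the configuration that actually fails closed.

```python
"""Constructed model of policy-routing fallback when a gateway is down.

Not OPNsense code: rule names, gateway names and functions are hypothetical.
Two behaviours of "Skip rules when gateway is down" as quoted in the post:
  option off (default): the rule is created and traffic uses the default gateway
  option on:            the rule is not created at all
Rule evaluation is modelled as first-match (assumption).
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Rule:
    name: str
    action: str                     # "pass" or "block"
    src: str                        # source network in CIDR (constructed values)
    gateway: Optional[str] = None   # policy-routing gateway; None = routing table


@dataclass
class FirewallConfig:
    default_gateway: str
    gateway_up: dict
    skip_rules_when_gateway_down: bool = False
    rules: list = field(default_factory=list)


def generate_ruleset(cfg):
    """Rules as they would be loaded: list of (rule, effective_gateway).
    effective_gateway is None for block rules."""
    loaded = []
    for r in cfg.rules:
        if r.action == "block":
            loaded.append((r, None))
        elif r.gateway is None:
            loaded.append((r, cfg.default_gateway))
        elif cfg.gateway_up.get(r.gateway, False):
            loaded.append((r, r.gateway))
        elif cfg.skip_rules_when_gateway_down:
            continue                                   # option on: rule omitted
        else:
            loaded.append((r, cfg.default_gateway))    # option off: silent fallback
    return loaded


def route_packet(cfg, src_ip):
    """First-match evaluation. Returns (action, matched_rule, effective_gateway, log).
    The log line names the rule's configured gateway, which is why it does not
    reveal the fallback (the post's point about the firewall logs)."""
    ip = ipaddress.ip_address(src_ip)
    for rule, gw in generate_ruleset(cfg):
        if ip in ipaddress.ip_network(rule.src):
            log = f"{rule.action} rule '{rule.name}' gateway={rule.gateway or 'default'}"
            return rule.action, rule.name, gw, log
    return "block", None, None, "implicit deny"


def leak_risks(cfg):
    """Audit: for each policy-routed pass rule whose gateway is down, probe a host
    from its source network and report if the packet is still passed via another
    gateway, either by fallback or by falling through to a later pass rule."""
    findings = []
    for r in cfg.rules:
        if r.action != "pass" or r.gateway is None or cfg.gateway_up.get(r.gateway, False):
            continue
        probe = str(next(ipaddress.ip_network(r.src).hosts()))
        action, matched, gw, _ = route_packet(cfg, probe)
        if action == "pass" and gw != r.gateway:
            how = "fallback" if matched == r.name else f"fall-through to '{matched}'"
            findings.append((r.name, how, gw))
    return findings


def build_config(skip, guard):
    """LAN policy-routed over a VPN gateway that is down; optional block guard
    placed between the VPN rule and a permissive catch-all (constructed)."""
    rules = [Rule("LAN via VPN", "pass", "192.168.10.0/24", gateway="VPN_GW")]
    if guard:
        rules.append(Rule("LAN no-leak guard", "block", "192.168.10.0/24"))
    rules.append(Rule("LAN default allow", "pass", "192.168.10.0/24"))
    return FirewallConfig("WAN_GW", {"WAN_GW": True, "VPN_GW": False}, skip, rules)


if __name__ == "__main__":
    for skip in (False, True):
        for guard in (False, True):
            cfg = build_config(skip, guard)
            print(f"skip={skip!s:5} guard={guard!s:5}",
                  route_packet(cfg, "192.168.10.5"), leak_risks(cfg))
```

Running the four combinations shows that with the option off the VPN rule itself passes traffic via WAN_GW while logging `gateway=VPN_GW`; with the option on but no guard, the traffic is passed by the catch-all instead; only the block rule below the policy-routed rule makes the configuration fail closed regardless of the option.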