OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: gauthig on August 20, 2020, 05:41:49 PM

Title: Block rules doing nothing
Post by: gauthig on August 20, 2020, 05:41:49 PM
Hello, new install (20.7.1), no netmap features enabled yet (IPS/Sensi).  Set up the Spamhaus and DShield block rules as per https://docs.opnsense.org/manual/how-tos/edrop.html .  Did both for WAN (block incoming) and LAN (block outgoing). No blocking is occurring! 

Took a /24 network from the Spamhaus block, went to the pftables to pull it so I knew the table loaded fine. Used a scan tool for the entire /24 that checks icmp, http, https, ftp and now I have a good map of a bad subnet as no traffic was blocked.

Rules were applied, block Rules at top of the ruleset, ensured Quick is enabled so the block rule is applied first, disable firewall is not checked.  Did a reboot to also validate and no change.  I do have logging enabled for ALL rules, so I see the traffic hitting the outgoing pass rule which is clearly lower in the priority list. 

Is this a potential 20.7 issue?  I just migrated from pfSense. 

Title: Re: Block rules doing nothing
Post by: gpb on August 20, 2020, 07:47:08 PM
I use those block rules and they block fine here.  They are rare, but I had a couple from spamhaus outgoing two days ago.  Incoming are frequent enough so disabled logging.  It would be useful to post a screenshot of the rules as entered.  Here are two blocks trying to enter (into) the LAN (igb0) interface.

Aug 18 11:09:44 192.168.1.1 filterlog[31571]: 111,,,0,igb0,match,block,in,4,0x0,,255,17818,0,none,1,icmp,60,192.168.1.177,185.77.248.16,datalength=40
Aug 18 11:10:45 192.168.1.1 filterlog[31571]: 111,,,0,igb0,match,block,in,4,0x0,,255,34524,0,none,1,icmp,60,192.168.1.177,185.77.248.10,datalength=40

Title: Re: Block rules doing nothing
Post by: gauthig on August 21, 2020, 02:49:26 PM
I even added a rule to stop google (8.8.8.8) and I could ping it all day no issues.  Reloaded the box from scratch, put the same rule in and now it works. 

No idea as to what happened.
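
Added example, not part of the original thread: a small Python check that reads filterlog lines like the ones gpb quoted and reports traffic to or from blocklisted networks that was matched by a pass rule instead of a block rule, which is the symptom described in the first post. The blocklist networks and the third log line are constructed for illustration, and the field positions are taken from the IPv4 lines quoted in the thread.

```python
import ipaddress

# Constructed stand-in for the blocklist alias contents; on a real firewall
# these networks would come from the loaded pf table.
BLOCKLIST = [ipaddress.ip_network(n) for n in ("185.77.248.0/24", "203.0.113.0/24")]

# Lines 1-2 are quoted from the thread; line 3 is constructed to show the
# failure case (blocklisted destination matched by a pass rule).
SAMPLE_LOG = """\
Aug 18 11:09:44 192.168.1.1 filterlog[31571]: 111,,,0,igb0,match,block,in,4,0x0,,255,17818,0,none,1,icmp,60,192.168.1.177,185.77.248.16,datalength=40
Aug 18 11:10:45 192.168.1.1 filterlog[31571]: 111,,,0,igb0,match,block,in,4,0x0,,255,34524,0,none,1,icmp,60,192.168.1.177,185.77.248.10,datalength=40
Aug 18 11:12:01 192.168.1.1 filterlog[31571]: 120,,,0,igb0,match,pass,in,4,0x0,,64,4411,0,none,1,icmp,60,192.168.1.177,203.0.113.25,datalength=40
"""

def parse_filterlog(line):
    """Return a dict for an IPv4 filterlog line, or None if it is not one."""
    _, sep, rest = line.partition("filterlog[")
    if not sep or "]: " not in rest:
        return None
    f = rest.split("]: ", 1)[1].strip().split(",")
    if len(f) < 20 or f[8] != "4":  # field 8 is the IP version
        return None
    try:
        src, dst = ipaddress.ip_address(f[18]), ipaddress.ip_address(f[19])
    except ValueError:
        return None
    return {"rule": f[0], "iface": f[4], "action": f[6], "dir": f[7],
            "proto": f[16], "src": src, "dst": dst}

def audit(log_text, blocklist=BLOCKLIST):
    """Split traffic involving blocklisted networks into blocked and passed."""
    blocked, passed = [], []
    for line in log_text.splitlines():
        e = parse_filterlog(line)
        if e is None:
            continue
        if any(e["src"] in n or e["dst"] in n for n in blocklist):
            if e["action"] == "block":
                blocked.append(e)
            elif e["action"] == "pass":
                passed.append(e)
    return blocked, passed

if __name__ == "__main__":
    blocked, passed = audit(SAMPLE_LOG)
    print(f"blocked={len(blocked)} passed={len(passed)}")
    for e in passed:
        print(f"NOT BLOCKED: rule {e['rule']} on {e['iface']} {e['dir']} {e['src']} -> {e['dst']}")
```

Any entry in the passed list names the rule number that let the packet through, which can be compared against the position of the block rule in the ruleset.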