Is there a way to turn off "let out anything from firewall host itself" rule or other automatically created rules that do not have the looking glass icon?
Hi,
yes eg. 'Disable all firewall (including NAT) features of this machine'
https://docs.opnsense.org/manual/firewall_settings.html
Good to know that I can turn off the firewall completely, however I just want full control of the firewall, not to get rid of the firewall altogether.
At the least, I would be happy if OPNsense allowed custom rules to take precedence over automatically generated ones...or have ability to turn them off if getting rid of them would break scripts.
Interfaces : WAN_X : Dont use "Upstream Gateway", instead just "auto-detec". Then you have to set default gateway manually and add manual NAT rules
What about - "pass out log from {any} to {any} keep state allow-opts label "1232f88e5fac29a32501e3f051020cac" # let out anything from firewall host itself" rule?
What's the best way we can modify it (in my case I need "keep state ( sloppy )" ?
P.S.
Found a solution for myself (of course this will go away after any upgrade...)
root@OPNsense1:/usr/local/etc/inc # diff filter.lib.inc filter.lib.inc.org
542c542
< array('direction' => 'out', 'statetype' => 'sloppy', 'allowopts' => true,
---
> array('direction' => 'out', 'statetype' => 'keep', 'allowopts' => true,
Quote from: bobm on September 09, 2020, 09:55:05 PMAt the least, I would be happy if OPNsense allowed custom rules to take precedence over automatically generated ones...or have ability to turn them off if getting rid of them would break scripts.
The "let out anything from firewall host itself" automatic floating rules are non-quick, so any quick rules you define will take precedence.
Also have you looked at the "Disable force gateway" option under Firewall>Settings>Advanced?