OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: G on February 09, 2021, 02:40:01 pm

Title: Default deny rule change
Post by: G on February 09, 2021, 02:40:01 pm
Hi,
for testing purposes I want to allow all traffic from my LAN interface, while using certain rules to categorize.
Even after configuring an any to any allow rule, I still get packets blocked by the default deny rule. Is there a way to check what's wrong with these packets without having to capture and manually review them?
Quite a few of them are actually HTTPS.
I also had to disable Firewall Rules Optimization as it seems to increase the number.
Thank you.
Title: Re: Default deny rule change
Post by: errored out on February 10, 2021, 12:01:38 am
Can you post your rule(s)? One thing I ran into is specifying the Source OS.

Also, where are you allowing your LAN traffic to go? Do you have rule(s) on that interface? Have you checked the direction of your rules? Need more background info.
Title: Re: Default deny rule change
Post by: G on February 10, 2021, 10:54:50 am
Hi,
I have an any to any rule at the bottom of my LAN rules, so no traffic should be blocked by the firewall at all (I guess unless malformed or expired traffic).
I've attached both the rule and an example packet blocked (from a mobile phone, which seems to be the majority).
Title: Re: Default deny rule change (Pcloud issue?)
Post by: G on February 10, 2021, 05:46:32 pm
Hi,
I'm editing the title. After looking at what was blocked, it seems that most are connections initiated by Pcloud (cloud storage) on my desktop or mobile devices.
Does that ring any bells?