Hi all
I need to set a firewall option on all traffic coming into an interface (I need to set the reply-to field. I know I shouldn't need to, but I do. I think it's a bug).
How do I add a rule that will set the option, but will not pass or block traffic otherwise, and will not interfere with pass or block rules added later?
Thanks in advance.
EDIT: Here is why I need to set reply-to for the entire interface: https://forum.opnsense.org/index.php?topic=24776.0
What's the reply-to field in a networking context? I only know this in email.
Quote from: pmhausen on September 16, 2021, 09:37:49 PM
What's the reply-to field in a networking context? I only know this in email.
It tells the firewall to add a field telling it which interface to send the replies out through. This is used for multiwan where traffic should leave on the interface it came in on.
My setup has a peculiarity where for one type of link the default reply-to doesn't work. It works for the rest of them, though, which is why I consider it a bug.
Got it. Sorry, no clue.
AFAIK you can't specify simply a "Match" action for a rule.
Can't you just set the reply-to field on all the other rules?
Try disabling "Quick" option, so the action is not taken immediately. The firewall will continue evaluating for the other rules until it reaches a quick rule or the last matching one.
Don't see how that solves the issue? Only one of the rules will apply.
OP - just a thought. If you configure the IPv4 upstream gateway for the relevant interface under the interface settings, does that achieve the outcome for you?
Quote from: Greelan on September 17, 2021, 01:26:47 AM
AFAIK you can't specify simply a "Match" action for a rule.
Can't you just set the reply-to field on all the other rules?
I can, but that creates layers of complexity because I cannot use floating rules or firewall IF groups.
Quote from: Greelan on September 17, 2021, 03:01:15 AM
OP - just a thought. If you configure the IPv4 upstream gateway for the relevant interface under the interface settings, does that achieve the outcome for you?
It has been set all along. I had reliability issues with multiwan and auto detect years ago, and haven't used it since.
Quote from: muchacha_grande on September 17, 2021, 02:04:13 AM
Try disabling "Quick" option, so the action is not taken immediately. The firewall will continue evaluating for the other rules until it reaches a quick rule or the last matching one.
Can confirm what Greelan said - does not work, only the last rule takes effect.
Confirmation comes from testing...
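The outcome reported in this thread, modelled as an added example (not code from any poster or from OPNsense): a small Python model of last-match rule evaluation with the quick option, assuming a rule's reply-to is applied only when that rule is the one that decides the packet. The interface name, gateway address and ports are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "pass" or "block"
    iface: str                       # interface the rule applies to
    quick: bool = False              # quick: stop evaluating on match
    port: Optional[int] = None       # None matches any destination port
    reply_to: Optional[str] = None   # gateway this rule would attach

    def matches(self, pkt):
        return self.iface == pkt["iface"] and self.port in (None, pkt["port"])

def evaluate(rules, pkt):
    """Return (action, reply_to) taken from the single deciding rule."""
    winner = None
    for rule in rules:
        if rule.matches(pkt):
            winner = rule            # a later match replaces an earlier one
            if rule.quick:
                break                # quick ends evaluation immediately
    if winner is None:
        return (None, None)          # no rule matched; default policy applies
    return (winner.action, winner.reply_to)

GW = "192.0.2.1"                     # constructed documentation address

def ruleset(first_quick):
    # Constructed rules: an interface-wide reply-to rule, then ordinary rules.
    return [
        Rule("pass", "wan2", quick=first_quick, reply_to=GW),
        Rule("pass", "wan2", port=443),
        Rule("block", "wan2", port=23),
    ]

def decide(port, first_quick=False):
    return evaluate(ruleset(first_quick), {"iface": "wan2", "port": port})

if __name__ == "__main__":
    for quick in (False, True):
        for port in (443, 23, 22):
            print(f"first rule quick={quick} port={port}: {decide(port, quick)}")
```

With the first rule non-quick, the later rules decide ports 443 and 23 and the reply-to is dropped, while port 22 is passed by the catch-all itself; with it quick, the reply-to sticks but the later block on port 23 is never reached.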