OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: FF2PacketPusher on November 06, 2021, 12:46:44 AM

Title: Help Understanding States
Post by: FF2PacketPusher on November 06, 2021, 12:46:44 AM
Can somebody help explain to me how the state listing works? I guess my main question is why are these sessions being marked with the specific rule? The rules listed have nothing to do with the sessions listed. For example, "allow access to DHCP server" is an automatic rule, yet, looking at those states, DHCP doesn't use port 8883, let alone TCP... This is the case for my "Allow Airplay to IoT" rule as well. Those ports (5223) are not included in that rule. Is this a bug, or am I just not understanding how OPNsense is detecting the sessions?

Thanks!
Title: Re: Help Understanding States
Post by: Fright on November 06, 2021, 06:35:32 AM
Quote: "how the state listing works?"
In short, it is the processed output of the 'pfctl -vvss' command.
Quote: "these sessions being marked with the specific rule?"
Because the above command indicates the number of the rule that created the state.
Quote: "The rules listed have nothing to do with the sessions listed."
I think this may be due to the age of the state and a possible change (adding or removing) of rules. When reloading the rules, the state table does not change, but the order of the rules and, accordingly, their numbers can change. In this case, the state table may point to an invalid rule number for states created before the rules table was modified.
You can try to delete this state and see which rule will create a new state.
This is the pf behavior, not OPNsense.
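As an added illustration of the reply above (example code, not from the thread or from OPNsense): parse constructed, abridged 'pfctl -vvss' and 'pfctl -vvsr' output and flag states whose stored rule number either no longer exists in the loaded ruleset or points at a rule whose protocol does not match the state, which is the symptom seen after a reload renumbers the rules. Interface names, addresses, rule numbers and labels are made up.

```python
import re

# Constructed, abridged 'pfctl -vvss' output (seq/id lines omitted); "rule N" on the age line is what the GUI shows.
SAMPLE_STATES = """\
igb1 tcp 192.168.10.23:51234 -> 203.0.113.7:8883       ESTABLISHED:ESTABLISHED
   age 19:42:11, expires in 23:59:55, 4120:3980 pkts, 310122:420111 bytes, rule 7
igb1 udp 192.168.10.23:68 -> 192.168.10.1:67       SINGLE:MULTIPLE
   age 00:00:03, expires in 00:00:57, 2:2 pkts, 640:640 bytes, rule 7
igb1 tcp 192.168.10.40:44010 -> 198.51.100.9:5223       ESTABLISHED:ESTABLISHED
   age 02:10:00, expires in 23:58:00, 50:48 pkts, 9000:8700 bytes, rule 12
"""
# Constructed 'pfctl -vvsr' output of the ruleset after a reload renumbered it.
SAMPLE_RULES = """\
@7 pass in quick on igb1 inet proto udp from any to (igb1) port = 67 label "allow access to DHCP server" keep state
  [ Evaluations: 1020      Packets: 44        Bytes: 14080       States: 1     ]
@8 pass in quick on igb1 inet proto tcp from 192.168.10.0/24 to any port = 8883 flags S/SA label "Allow MQTT out" keep state
  [ Evaluations: 900       Packets: 120       Bytes: 60000       States: 3     ]
"""
STATE_RE = re.compile(r"^(\S+) (\S+) (\S+) -> (\S+)\s+(\S+)$")
AGE_RE = re.compile(r"^\s+age (\S+), .*\brule (\d+)")
RULE_RE = re.compile(r'^@(\d+) (.*?) label "([^"]*)"')

def parse_states(text):
    """Group the multi-line pfctl -vvss records into dicts keyed by field."""
    states = []
    for line in text.splitlines():
        if m := STATE_RE.match(line):
            states.append({"iface": m[1], "proto": m[2], "src": m[3], "dst": m[4]})
        elif (m := AGE_RE.match(line)) and states:
            states[-1].update(age=m[1], rule=int(m[2]))
    return states

def parse_rules(text):
    """Map rule number -> (protocol the rule names, its label)."""
    rules = {}
    for line in text.splitlines():
        if m := RULE_RE.match(line):
            pm = re.search(r"\bproto (\w+)", m[2])
            rules[int(m[1])] = (pm[1] if pm else None, m[3])
    return rules

def audit(states, rules):
    """Flag states whose stored rule number no longer fits the loaded ruleset."""
    findings = []
    for s in states:
        proto, label = rules.get(s.get("rule"), (None, None))
        if label is None:
            findings.append((s["src"], s["dst"], "rule number gone; state predates a reload"))
        elif proto and proto != s["proto"]:
            findings.append((s["src"], s["dst"], f"rule {s['rule']} '{label}' is {proto}, state is {s['proto']}"))
    return findings
```

On a live box the same two commands can be fed in via subprocess; a flagged state is the one to kill so the current ruleset creates a fresh one with the right number.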
Title: Re: Help Understanding States
Post by: FF2PacketPusher on November 08, 2021, 01:42:25 AM
That makes perfect sense; I didn't think about how modifying rules could affect the state listing. I've been making lots of changes as this is a new firewall, so that explains everything. I'll keep an eye on it after a reboot and see how the rules match up then.

Thank you for your response!