I have an OPNsense 22.7.2 box where I was trying to debug some traffic.
I have a Floating rule with the settings:
- Interface: Guest, VPN
- Direction: In
- Protocol: IPv4+6 TCP
- Source: any
- Destination: ALIAS (The alias contains 2 RFC1918 IPv4 addresses)
- Port: MS DS (445)
- Description: server CIFS
On the Floating Rules page, if I push "Inspect" then the UI updates to show me a new "States" column, which shows 1 session. This is as I expect (there is currently one client connected from the VPN interface, so this lines up). If I click the "1" text, then I get taken to the Firewall/Diagnostics/States screen where there are several matches, one of which is the one I expect, and several of which don't match the criteria. For example, there are matches with the destination port of 80, there are IPv6 matches even though the alias only contains IPv4 addresses, etc. I've attached a couple of screenshots; some redacting has been done, but there's enough to show that these states should not match the rule they claim to be matching.