OPNsense Forum

English Forums => General Discussion => Topic started by: sngkomlpop on September 11, 2022, 12:11:10 PM

Title: Firewall rules' exact processing orders
Post by: sngkomlpop on September 11, 2022, 12:11:10 PM
Hi everyone, I want to make sure I have the correct understanding of the ordering of the firewall rules.

Suppose I initiate a connection from an IP in LAN to an IP in VLAN1. Are the rules checked in this order:
1. Floating rules that have direction "in" (If it has a "Quick + Pass" rule, jump to 4. If it has a "Quick + Block/Reject", block connection.)
2. LAN's interface groups' rules that have direction "in" (if it has a "Quick + Pass" rule, jump to 4. If it has a "Quick + Block/Reject", block connection.)
3. LAN rules that have direction "in" (if it has a "Quick + Pass" rule, jump to 4. If it has a "Quick + Block/Reject", block connection. Otherwise use the last relevant rule from 1+2+3. If no relevant rule from 1+2+3, block connection.)
4. Floating rules that have direction "out" (if it has a "Quick + Pass" rule, allow connection. If it has a "Quick + Block/Reject", block connection.)
5. VLAN1's interface groups' rules that have direction "out" (if it has a "Quick + Pass" rule, allow connection. If it has a "Quick + Block/Reject", block connection.)
6. VLAN1 rules that have direction "out" (if it has a "Quick + Pass" rule, allow connection. If it has a "Quick + Block/Reject", block connection. Otherwise use the last relevant rule from 4+5+6. If no relevant rule from 4+5+6, block connection.)
Is this correct? Thanks!
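The following is an added example (not code from the original post, and not OPNsense or pf code) that turns the six-step order described above into a small simulator, so the "quick" versus "last matching rule" distinction can be tried against concrete rules. Stage names, rule names and the 192.168.1.0/24 (LAN) and 192.168.10.0/24 (VLAN1) addresses are constructed for the example; the model follows the poster's description of the order, which the reply below defers to the OPNsense manual for confirmation.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    """One firewall rule reduced to what matters for ordering (constructed model)."""
    name: str
    action: str           # "pass", "block" or "reject"
    src: str              # CIDR the source address must fall in
    dst: str              # CIDR the destination address must fall in
    quick: bool = True    # quick rules end evaluation on first match

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst))


def evaluate_direction(stages, src_ip, dst_ip):
    """Walk the stages of one direction (floating, group, interface) in order.

    A matching quick rule decides immediately; otherwise the last matching
    non-quick rule wins; if nothing matched at all, the default is block.
    Returns (action, reason).
    """
    last_match = None
    for label, rules in stages:
        for rule in rules:
            if not rule.matches(src_ip, dst_ip):
                continue
            if rule.quick:
                return rule.action, f"{label}:{rule.name} (quick)"
            last_match = (rule.action, f"{label}:{rule.name} (last match)")
    if last_match is not None:
        return last_match
    return "block", "default deny (no matching rule)"


def evaluate_connection(in_stages, out_stages, src_ip, dst_ip):
    """Steps 1-3 on the inbound side; only a pass there proceeds to steps 4-6."""
    action, reason = evaluate_direction(in_stages, src_ip, dst_ip)
    if action != "pass":
        return action, "in: " + reason
    action, reason = evaluate_direction(out_stages, src_ip, dst_ip)
    return action, "out: " + reason


LAN, VLAN1, ANY = "192.168.1.0/24", "192.168.10.0/24", "0.0.0.0/0"

# Constructed rule set: one quick block in floating, non-quick pass in the
# group, then a non-quick allow-all followed by a non-quick block on LAN.
IN_STAGES = [
    ("floating", [Rule("block-mgmt", "block", LAN, "192.168.10.1/32", quick=True)]),
    ("LAN-group", [Rule("trusted-net-pass", "pass", LAN, VLAN1, quick=False)]),
    ("LAN", [Rule("lan-allow-all", "pass", LAN, ANY, quick=False),
             Rule("lan-block-printer", "block", LAN, "192.168.10.9/32", quick=False)]),
]
OUT_STAGES = [
    ("floating", []),
    ("VLAN1-group", []),
    ("VLAN1", [Rule("vlan1-out-allow", "pass", ANY, VLAN1, quick=True)]),
]


def decide(src_ip: str, dst_ip: str):
    """Convenience wrapper over the constructed rule set above."""
    return evaluate_connection(IN_STAGES, OUT_STAGES, src_ip, dst_ip)


if __name__ == "__main__":
    for src, dst in [("192.168.1.10", "192.168.10.1"),    # quick block in floating
                     ("192.168.1.10", "192.168.10.9"),    # last non-quick match is block
                     ("192.168.1.10", "192.168.10.20"),   # passes in, then out stages
                     ("10.0.0.5", "192.168.10.20")]:      # nothing matches: default deny
        print(src, "->", dst, decide(src, dst))
```

Running it shows why rule position only matters for non-quick rules: the quick floating block on 192.168.10.1 decides before any LAN rule is looked at, while for 192.168.10.9 the later non-quick block overrides the earlier non-quick pass because the last match wins.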
Title: Re: Firewall rules' exact processing orders
Post by: meyergru on September 11, 2022, 12:23:17 PM
This is explained here: https://docs.opnsense.org/manual/firewall.html

See "processing order".

BTW: This is the German part of the forum...