Hi all,
We have an interface named OFFICE where we allow anyone who is on the associated subnet (192.168.24.x) to connect to * on port 80 & 443 (TCP/UDP).
At the bottom of the rule list for this interface there's a rule blocking any traffic from OFFICE to !OFFICE.
When I enable logging on that last rule, I occasionally see requests from OFFICE to external hosts on 443/TCP (occasionally 80/TCP) being blocked.
Why would that traffic reach that rule, given that I allow all traffic on ports 80 and 443 higher up in the rule list?
Most likely out-of-state traffic. What are the 'tcpflags' of blocked packets?
I have a rule that ALLOWS traffic to 443, that has started to be blocked! The logs report that the packet has been dropped because of "Default deny / state violation rule".
Is there some big problem?
Quote from: zan on March 13, 2024, 03:05:48 PM
Most likely out-of-state traffic. What are the 'tcpflags' of blocked packets?
PA, FPA, RA or A. It varies.
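
The flag check discussed in this thread, as an added example that is not part of any poster's message: it sorts blocked TCP packets into out-of-state traffic versus genuinely new connections by their tcpflags. It assumes a stateful filter whose pass rules create state only on an initial SYN (pf's default `flags S/SA` behaviour); the log tuples, addresses and the names `classify` and `summarize` are constructed for illustration.

```python
from collections import Counter

# Constructed sample of blocked-packet log fields (src, dst, dport, tcpflags).
# Addresses are documentation ranges, not values from the thread.
BLOCKED = [
    ("192.168.24.17", "203.0.113.10", 443, "PA"),
    ("192.168.24.17", "203.0.113.10", 443, "FPA"),
    ("192.168.24.52", "198.51.100.7", 443, "RA"),
    ("192.168.24.52", "198.51.100.7", 80, "A"),
    ("192.168.24.90", "198.51.100.9", 8443, "S"),
]

ALLOWED_PORTS = {80, 443}  # ports the OFFICE pass rule permits


def classify(dport, tcpflags):
    """Explain why a blocked TCP packet reached the final block rule."""
    flags = set(tcpflags.upper())
    opens_connection = "S" in flags and "A" not in flags  # bare SYN
    if opens_connection:
        # A new connection: the pass rules were evaluated and none matched.
        # On an allowed port that points at the rule itself (source, order).
        return "rule-gap" if dport in ALLOWED_PORTS else "policy-block"
    # No bare SYN: the packet can only pass through an existing state entry.
    # Being logged as blocked means that state was missing or already closed.
    return "out-of-state"


def summarize(entries):
    """Count blocked packets per (verdict, flags) so patterns stand out."""
    return Counter((classify(dport, fl), fl) for _, _, dport, fl in entries)


if __name__ == "__main__":
    for (verdict, fl), n in sorted(summarize(BLOCKED).items()):
        print(f"{verdict:13} flags={fl:4} count={n}")
```

Blocked entries that all classify as out-of-state are late packets of connections whose state has already gone; a bare SYN to 80 or 443 showing up as blocked is the case that would indicate a problem with the pass rule.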