Hey!
A user of my system reported issues accessing my IMAP server by IPv6.
After some digging around, I found his IPv6 in the firewall logs:
17,,,02f4bab031b57d1e30553ce08e0ec131,vtnet4,match,block,in,6,0x00,0xeb111,64,tcp,6,40,2a01:XXXX:fe02::110,2a00:XXXX:ea05,993,61465,0,SA,3642631772,3523825403,21420,,mss;sackOK;TS;nop;wscale
Rule 17, label 02f4bab031b57d1e30553ce08e0ec131 is the global IPv4/6 Default deny / state violation rule
@16 block drop in log inet all label "02f4bab031b57d1e30553ce08e0ec131"
[ Evaluations: 1886 Packets: 279 Bytes: 12488 States: 0 ]
[ Inserted: uid 0 pid 79740 State Creations: 0 ]
@17 block drop in log inet6 all label "02f4bab031b57d1e30553ce08e0ec131"
[ Evaluations: 1886 Packets: 427 Bytes: 45298 States: 0 ]
[ Inserted: uid 0 pid 79740 State Creations: 0 ]
I inserted a specific rule for his addresses (besides that, the mail server has its v4/v6 rules allowing access to all mail ports). I see other v6 addresses with the same issue; on v4, it works.
OPNsense 24.1.9_4-amd64
Does anybody have a good idea how to solve that? I was told it started recently, might be around the 24.1.9 update.
I did some more checks and the firewall blocks *all* IPv6 traffic with the "Default deny / state violation rule" even when a matching global ACCEPT rule on all interfaces is defined.
@Franco Looks like the packet filter is not processing any IPv6 rules despite that they're shown in the GUI.
Of course, IPv6 is enabled in the Interface settings.
I seem to be running into the same problem, i.e. OPNsense blocking all IPv6 via "default deny" even though there is an express allow IPv6 to any rule.
If you don't show your "allow" rules, it's difficult to diagnose what might be wrong with them.
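
Added example, not part of any post in this thread: a small decoder for the filterlog record quoted in the first post, so the blocked packet's direction, ports and TCP flags can be read by name. The field names are labels chosen for this example; the order follows the filterlog CSV layout for an IPv6 TCP packet, and only that case is handled.

```python
"""Decode an OPNsense filterlog CSV record (IPv6 + TCP case only)."""

# Field names are labels chosen for this example; the order follows the
# filterlog CSV layout for an IPv6 TCP packet.
COMMON = ["rulenr", "subrulenr", "anchor", "label", "interface",
          "reason", "action", "dir", "ipversion"]
IPV6 = ["class", "flowlabel", "hoplimit", "protoname", "protonum",
        "length", "src", "dst"]
TCP = ["srcport", "dstport", "datalen", "tcpflags", "seq", "ack",
       "window", "urg", "options"]

# Record copied from the first post (addresses were already redacted there).
SAMPLE = ("17,,,02f4bab031b57d1e30553ce08e0ec131,vtnet4,match,block,in,6,"
          "0x00,0xeb111,64,tcp,6,40,2a01:XXXX:fe02::110,2a00:XXXX:ea05,"
          "993,61465,0,SA,3642631772,3523825403,21420,,"
          "mss;sackOK;TS;nop;wscale")


def parse_filterlog(line):
    """Return a dict of named fields for one IPv6/TCP filterlog record."""
    parts = line.strip().split(",")
    if len(parts) < len(COMMON):
        raise ValueError("record too short")
    rec = dict(zip(COMMON, parts))
    if rec["ipversion"] != "6":
        raise ValueError("only IPv6 records handled in this example")
    rest = parts[len(COMMON):]
    rec.update(zip(IPV6, rest))
    if rec.get("protoname") != "tcp":
        raise ValueError("only TCP records handled in this example")
    tcp = rest[len(IPV6):]
    if len(tcp) < len(TCP):
        raise ValueError("truncated TCP section")
    rec.update(zip(TCP, tcp))
    rec["options"] = [o for o in rec["options"].split(";") if o]
    return rec


def is_handshake_reply(rec):
    """True for a SYN+ACK segment, the reply half of a TCP handshake."""
    flags = rec.get("tcpflags", "")
    return "S" in flags and "A" in flags


if __name__ == "__main__":
    r = parse_filterlog(SAMPLE)
    print(f'{r["action"]} {r["dir"]} on {r["interface"]} rule {r["rulenr"]}: '
          f'[{r["src"]}]:{r["srcport"]} -> [{r["dst"]}]:{r["dstport"]} '
          f'flags={r["tcpflags"]} reply={is_handshake_reply(r)}')
```

For the quoted record this decodes to a SYN+ACK with source port 993 and destination port 61465, blocked inbound on vtnet4 by rule 17.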