Hi,
so, in my firewall logs, pretty much any packet that is allowed is allowed because "let out anything from firewall host itself".
I do have rules that allow traffic, so I would expect to see them there.
Is this because this is the name of the last match rule in the "out" direction?
If so, I do understand this, but it still makes the whole thing a bit useless.
Did you even enable logging of your user rules?
Every packet that goes through OPNsense passes the firewall twice, once when entering the device ("in"), once when leaving it again ("out").
All your filter rules should usually be on the "in" direction and the "let out anything..." rule is normally the only "out" rule. That means that almost every packet will match that rule.
I would recommend disabling logging for that rule under "Firewall" -> "Settings" -> "Advanced" -> "Logging" -> "Default pass"
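To see concretely why the "out" rule dominates the log and what remains once it is hidden, here is a small added example (not code from OPNsense or from the posters in this thread). It assumes a simplified comma-separated line format modelled on pf's filterlog output (rule number, rule label, interface, action, direction, source, destination); real OPNsense filterlog lines carry more fields in a different order, so the field positions in parse_line() are an assumption to adjust before running it on real logs. The sample log is constructed, not a capture.

```python
"""Group firewall log entries by direction and rule label.

Added example; not code from the OPNsense project or the forum posters.
Assumed, simplified line format (rule number, rule label, interface,
action, direction, source, destination). Real OPNsense filterlog lines
have more fields in a different order: adjust parse_line() accordingly.
"""
from collections import Counter
from typing import Dict, Iterable, Tuple

DEFAULT_OUT_LABEL = "let out anything from firewall host itself"

# Constructed sample (not a real capture): two LAN clients reaching the
# internet, one packet originating from the firewall itself, and one
# unsolicited packet hitting the WAN. Each forwarded packet shows up
# twice: "in" on the LAN interface, where the user rule matches, and
# "out" on the WAN interface, where only the default "let out anything"
# rule exists.
SAMPLE_LOG = """\
103,Allow LAN to any,igb1,pass,in,192.168.1.20,203.0.113.10
1,let out anything from firewall host itself,igb0,pass,out,192.168.1.20,203.0.113.10
103,Allow LAN to any,igb1,pass,in,192.168.1.21,203.0.113.44
1,let out anything from firewall host itself,igb0,pass,out,192.168.1.21,203.0.113.44
1,let out anything from firewall host itself,igb0,pass,out,192.0.2.1,198.51.100.5
7,Default deny / state violation rule,igb0,block,in,198.51.100.77,192.0.2.1
"""

Key = Tuple[str, str, str]  # (direction, action, rule label)


def parse_line(line: str) -> Dict[str, str]:
    """Split one assumed-format log line into named fields."""
    fields = line.strip().split(",", 6)
    if len(fields) != 7:
        raise ValueError(f"unexpected field count in log line: {line!r}")
    rulenr, label, iface, action, direction, src, dst = fields
    return {"rulenr": rulenr, "label": label, "iface": iface,
            "action": action, "direction": direction, "src": src, "dst": dst}


def count_matches(lines: Iterable[str]) -> Counter:
    """Count log entries per (direction, action, rule label)."""
    counts: Counter = Counter()
    for line in lines:
        if not line.strip():
            continue
        e = parse_line(line)
        counts[(e["direction"], e["action"], e["label"])] += 1
    return counts


def without_default_out(counts: Counter) -> Counter:
    """Drop the default 'out' rule, which is the view you get once its
    logging is switched off in the firewall's logging settings."""
    return Counter({k: v for k, v in counts.items() if k[2] != DEFAULT_OUT_LABEL})


if __name__ == "__main__":
    all_counts = count_matches(SAMPLE_LOG.splitlines())
    for (direction, action, label), n in all_counts.most_common():
        print(f"{n:3d}  {direction:<3} {action:<5} {label}")
    print("--- with the default out rule hidden ---")
    for (direction, action, label), n in without_default_out(all_counts).most_common():
        print(f"{n:3d}  {direction:<3} {action:<5} {label}")
```

On the constructed sample, half of all entries are the "out" rule, and every one of them is the second pass of a packet that already matched a user rule (or came from the firewall itself). Filtering that label out, or disabling its logging as suggested above, leaves exactly the "in" entries that show which user rules actually fired.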
Both good suggestions, thank you.
Quote from: troplin on October 27, 2024, 04:14:59 PM
Every packet that goes through OPNsense passes the firewall twice, once when entering the device ("in"), once when leaving it again ("out")....
Only if the packets are originating outside the firewall and passing through.
You can have packets coming in and TERMINATING in the firewall host itself. (and vice-versa.)
Quote from: decibel on October 28, 2024, 01:08:33 AM
Quote from: troplin on October 27, 2024, 04:14:59 PM
Every packet that goes through OPNsense passes the firewall twice, once when entering the device ("in"), once when leaving it again ("out")....
Only if the packets are originating outside the firewall and passing through.
You can have packets coming in and TERMINATING in the firewall host itself. (and vice-versa.)
Yes, but he wrote:
"Every packet that goes
through opnsense..."
So both of you are correct, I guess.