Hi,
I am running opnsense 25.1.3.
I have 4 VLANS. GENINT, LANNET, IOTNET, CAMNET.
In GENINT the last 2 rules are the ones in the pics
The second pic is the log of the firewall essentially allowing one traffic flow and blocking another one, which for me should both trigger the pass rule.
Any hints about why my configuration is wrong?
Thanks.
JC
If you use destination invert you can use only one object in the rule. Create your own Network(s) alias for all the networks that should not be allowed to send to and use that.
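An added illustration of the point in the answer above (example code, not from the original thread, from Patrick or from the OPNsense project): it models why a negated list of several destination objects behaves differently from a negated alias. The model follows pf's list expansion, where a rule written with several objects is expanded into one rule per object with the negation copied into each, while an alias is loaded as one table and negated as a whole. Only GENINT's 192.168.73.0/24 is implied by the logs in this thread; the other three VLAN networks are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed VLAN networks for the example. GENINT is implied by the thread's
# logs (vlan01.73, 192.168.73.x); LANNET, IOTNET and CAMNET are assumptions.
GENINT = "192.168.73.0/24"
LANNET = "192.168.10.0/24"
IOTNET = "192.168.20.0/24"
CAMNET = "192.168.30.0/24"


@dataclass
class Rule:
    action: str              # "pass" or "block"
    dst: list                # destination networks (CIDR strings)
    invert: bool = False     # the "Destination / Invert" checkbox


def _in_net(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)


def expand_list(rule):
    """Model of pf list expansion: a rule written with several destination
    objects becomes one rule per object, and the negation is copied into each."""
    return [Rule(rule.action, [d], rule.invert) for d in rule.dst]


def evaluate_as_list(rule, dst_ip, default="block"):
    """First-match evaluation (OPNsense rules are 'quick' by default) over the
    expanded rule set. With invert set, the '! A' rule alone already matches any
    destination outside A, so a destination inside B is passed by that rule."""
    for r in expand_list(rule):
        if _in_net(dst_ip, r.dst[0]) != r.invert:
            return r.action
    return default


def evaluate_as_table(rule, dst_ip, default="block"):
    """Alias-based rule: the alias is a single pf table, so one membership test
    covers every network at once and the negation applies to the whole set."""
    hit = any(_in_net(dst_ip, net) for net in rule.dst)
    if hit != rule.invert:
        return rule.action
    return default


# Intended policy: GENINT may reach anything except the other three VLANs.
NO_INTER_VLAN = Rule("pass", [LANNET, IOTNET, CAMNET], invert=True)

if __name__ == "__main__":
    for dst in ("192.168.20.5", "17.111.103.20"):
        print(dst, "as list:", evaluate_as_list(NO_INTER_VLAN, dst),
              "| as alias/table:", evaluate_as_table(NO_INTER_VLAN, dst))
```

Run against an IOTNET host, the list form passes the packet (the "not LANNET" rule already matches), while the table form falls through to the default block; for an Internet address both forms pass, which is why the mistake is easy to miss until inter-VLAN traffic is checked.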
@Patrick thanks for the info. Will change my config.
Just adding some info for context if anybody else arrives here. Looking at the logs in detail I can see that traffic is actually allowed through the WAN interface, which nevertheless was the intention.
vlan01.73 match block in 4 0x0 64 0 0 DF 6 tcp 52 192.168.73.112 17.111.103.20
vlan01.73 match block in 4 0x0 64 0 0 DF 6 tcp 83 192.168.73.112 17.111.103.20
pppoe0 match pass out 4 0x0 63 0 0 DF 6 tcp 64 XX.XX.XX.XX 17.111.103.20
vlan01.73 match pass in 4 0x0 64 0 0 DF 6 tcp 64 192.168.73.113 17.111.103.20
pppoe0 match pass out 4 0x0 63 0 0 DF 6 tcp 64 XX.XX.XX.XX 17.111.103.20
vlan01.73 match pass in 4 0x0 64 0 0 DF 6 tcp 64 192.168.73.102 17.111.103.20
pppoe0 match pass out 4 0x0 63 0 0 DF 6 tcp 64 XX.XX.XX.XX 17.111.103.20
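An added example, not part of JC's post: a small parser for the log lines quoted above that groups verdicts per interface, direction and source, so that a host being blocked on vlan01.73 while others pass, and the matching "pass out" entries on pppoe0, can be read off directly. The sample below is a constructed copy of the quoted lines (public address masked as in the post); the column names are assumptions based on the layout of those lines.

```python
from collections import defaultdict

# Constructed copy of the lines quoted in the post above.
SAMPLE_LOG = """\
vlan01.73 match block in 4 0x0 64 0 0 DF 6 tcp 52 192.168.73.112 17.111.103.20
vlan01.73 match block in 4 0x0 64 0 0 DF 6 tcp 83 192.168.73.112 17.111.103.20
pppoe0 match pass out 4 0x0 63 0 0 DF 6 tcp 64 XX.XX.XX.XX 17.111.103.20
vlan01.73 match pass in 4 0x0 64 0 0 DF 6 tcp 64 192.168.73.113 17.111.103.20
pppoe0 match pass out 4 0x0 63 0 0 DF 6 tcp 64 XX.XX.XX.XX 17.111.103.20
vlan01.73 match pass in 4 0x0 64 0 0 DF 6 tcp 64 192.168.73.102 17.111.103.20
pppoe0 match pass out 4 0x0 63 0 0 DF 6 tcp 64 XX.XX.XX.XX 17.111.103.20
"""

# Assumed column names for the 15 whitespace-separated fields seen above.
FIELDS = ("iface", "reason", "action", "dir", "ipver", "tos", "ttl", "id",
          "offset", "flags", "proto_num", "proto", "length", "src", "dst")


def parse_line(line):
    """Split one pasted log line into named fields; returns None for lines
    that do not have exactly the 15 columns of the quoted format."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    entry = dict(zip(FIELDS, parts))
    for key in ("ttl", "id", "offset", "proto_num", "length"):
        entry[key] = int(entry[key])
    return entry


def summarize(text):
    """Map (iface, direction, src, dst) to the set of actions logged for it."""
    result = defaultdict(set)
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            key = (entry["iface"], entry["dir"], entry["src"], entry["dst"])
            result[key].add(entry["action"])
    return dict(result)


def inbound_verdicts(text, iface):
    """Per-source verdicts for traffic entering one interface."""
    return {src: actions
            for (i, d, src, _dst), actions in summarize(text).items()
            if i == iface and d == "in"}


if __name__ == "__main__":
    for src, actions in sorted(inbound_verdicts(SAMPLE_LOG, "vlan01.73").items()):
        print(f"{src:16} in on vlan01.73 -> {', '.join(sorted(actions))}")
    for key, actions in summarize(SAMPLE_LOG).items():
        if key[1] == "out":
            print(f"{key[2]} out on {key[0]} to {key[3]} -> {', '.join(actions)}")
```

With the sample above, 192.168.73.112 shows only block verdicts on the VLAN interface while .113 and .102 show only pass, and each passed session is followed by a pass-out entry on pppoe0, i.e. the allowed flows are leaving towards the Internet as intended.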