Hello,
I have two OPNsense 26.1.4 instances with the same configuration (but different CIDRs).
OPNsense A (no issues) was updated from 25.x to 26.1, and then the firewall was migrated to the new rules.
OPNsense B (has issues) was installed fresh. The legacy firewall rules were manually copied from OPNsense A, and the firewall was migrated to the new rules.
I have a native network and several VLANs:
native: 10.0.0.0/24
vlan2: 10.0.2.0/24
vlanN: 10.0.N.0/24
vlan6: 10.0.6.0/24
These networks are grouped into interface groups:
group1: native, vlan2, ...
group2: vlan6, ...
I also have a VIP (IP alias), which I tried binding to the loopback or the native interface: 192.168.10.10
OPNsense HAProxy is bound to the VIP address on port 443.
Firewall rules:
Allow IN on interface "group1" from any to "This Firewall" TCP/443
Allow IN on interface "group2" from any to "This Firewall" TCP/443
When I try to access the VIP from a computer in vlan6, the traffic is blocked.
In the live logs, I see:
block IN interface vlan2 from 10.0.6.123:12345 to 192.168.10.10:443
If I disable the rule "allow IN interface 'group2' ...", I get:
block IN interface vlan6 from 10.0.6.123:12345 to 192.168.10.10:443
I don't understand why vlan2 appears in the first case, or why it is blocked.