Hi all,
Just upgraded (Currently running OPNsense 18.1.1-amd64) and I see something weird in the new log Live View.
Attached 3 files, fw_rules.png, fw_log.png and fw_log2.png
In fw_log.png you will see:
Blocked on interface VLAN99, source 192.168.x.20 to destination 192.168.1y.y port 8880 rule description 'Allow guestnet to guestportal'
In fw_rules you see the second rule says:
Allow from source VLAN99 net to destination 192.168.1y.y port 8880 rule description 'Allow guestnet to guestportal'
So in logging it seems traffic is blocked by a rule that actually allows the traffic.
Am I missing something here?
And to make it more strange, when I change the logging page to show 5000 lines and look for the lines in fw_log.png, I see again something strange, see fw_log2.png
Any idea?
I have a similar effect, but (as I thought until now) that results from another problem. I have a problem with the resolving of host names, behind which there is a load balancer. But the effects I see in the log are similar: https://forum.opnsense.org/index.php?topic=7168.msg32022#msg32022
But your problem doesn't seem to be a DNS problem.
It seems similar indeed.
I see it all the time now. For all sorts of rules the Live View messes it up and shows strange results.
As those are TCP Hits - how about showing the corresponding TCP Flags? It wouldn't surprise me if the blocks are a strange/bad combination of TCP flags and the passes are simple straight S/SYNs.
I'm currently logging a lot, which makes it a bit hard to find those lines again. I rebooted my OPNsense box last night since it was unstable (all since upgrade to 18.1), and it seems OK now.
I will keep an eye on it and report back if I see this happening again.