OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: dyonis0s on September 11, 2019, 10:48:38 am

Title: Security issue : Bridge is permissive on reboot
Post by: dyonis0s on September 11, 2019, 10:48:38 am
Hello everyone, I did some security testing on OPNsense 19.1.

I've configured it with two interfaces in bridge mode. The firewall is placed inside Hyper-V.
On the one hand, the first interface is connected to a VM with hping in flood mode. On the other, on the second interface, I have a VM with Wireshark. The firewall is configured to block every packet.

I observed that on reboot of the firewall, it becomes permissive for about 0 to 1 second on startup.

Is that an issue that you already know about?
Title: Re: Security issue : Bridge is permissive on reboot
Post by: bartjsmit on September 11, 2019, 10:59:16 am
Does this also happen with OPNsense in router mode?

Bart...
Title: Re: Security issue : Bridge is permissive on reboot
Post by: dyonis0s on September 11, 2019, 11:13:09 am
I didn't test in routing mode.
Title: Re: Security issue : Bridge is permissive on reboot
Post by: bartjsmit on September 11, 2019, 06:01:32 pm
It's worth testing to see if the permissive period is due to the bridge coming up before the firewall, or something innate to OPNsense.

Do you have net.link.bridge.pfil_bridge set to 1 under System, Settings, Tunables?

Bart...
Title: Re: Security issue : Bridge is permissive on reboot
Post by: dyonis0s on September 17, 2019, 02:43:11 pm
Sorry for the latency.
Indeed this variable was set to 1.