OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: loganx1121 on April 18, 2020, 07:18:28 pm

Title: Question about "let anything out from firewall host itself"
Post by: loganx1121 on April 18, 2020, 07:18:28 pm
I have an interface configured on the firewall that is a separate network and it's mostly blocked off from reaching every other network. I put a test Windows virtual machine on this network and needed some rules so it could hit my domain controllers, etc. I noticed, though, that when I look at the logs, it's not hitting the rules I made. The traffic is passing and all is working as expected, but it's hitting this "Let anything out from firewall host itself" rule... which I can't seem to find anywhere, instead of hitting the rule I made.

If I disable the rules I made to allow the traffic, the log clearly shows them hitting the deny rules I put below the allow rules.  Just curious why I'm not seeing the right rule label in the logs?

Thanks in advance
Title: Re: Question about "let anything out from firewall host itself"
Post by: shadesh on April 18, 2020, 07:51:49 pm
The rule "let out anything from firewall host itself" you are searching for is under the "Floating" rules tab, and there on the upper right you'll find a symbol named "Automatically generated rules".
Title: Re: Question about "let anything out from firewall host itself"
Post by: loganx1121 on April 18, 2020, 08:12:40 pm
Ah, got it. Thanks! Any idea why that seems to be taking precedence over the rule I made?
Title: Re: Question about "let anything out from firewall host itself"
Post by: loganx1121 on April 22, 2020, 07:02:20 am
Anyone have an idea? I'm seeing this more and more. It seems like the floating "Let anything out" rule is taking precedence over actual rules I've made. It's making it difficult to monitor traffic appropriately.