OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: Maarten on December 08, 2015, 01:34:50 pm

Title: State table problem
Post by: Maarten on December 08, 2015, 01:34:50 pm

Hi,

I've got a problem with the state table. The column "Int" always states "all" instead of the right interface name. Is this on purpose?

Thanks

Title: Re: State table problem
Post by: 8191 on December 08, 2015, 03:46:29 pm

Hi Maarten,
pf (the firewall behind the OPNsense GUI) by default applies states on a floating interface basis:

Code: (pf.conf(5)) [Select]

     set state-policy
           The state-policy option sets the default behaviour for states:

           if-bound     States are bound to interface.
           floating     States can match packets on any interfaces (the
                        default).

So unless specifically defined something like set state-policy if-bound for a firewall rule, the states can float between interfaces and therefore the state is recorded for all interfaces.

Unfortunately I think it's not possible to set up this kind of rules in OPNsense. So I would say that the interface column of the state table is without any function at the moment...

Title: Re: State table problem
Post by: Maarten on December 10, 2015, 11:44:51 am

hi mf,

Thank you for answering. When you set a firewall rule, for example on the lan interface. Then you would expect the rule to be bound on that interface and show up as such in the state table, right? On pfSense this is the case, is this behaviour changed in OPNsense?

I use it quite a lot in pfSense when for example setting up policy based routing, you can easily see where it goes wrong if it does.

Thanks.