OPNsense Forum

English Forums => General Discussion => Topic started by: toxic on September 08, 2020, 09:55:48 pm

Title: Autogenerated FW rule is misleading: let out anything from firewall host
Post by: toxic on September 08, 2020, 09:55:48 pm
Hello,

I just fail to understand the purpose of this rule...

In my logs, I see that ping (ICMP) traffic from 10.0.0.50 to 10.0.0.10 is listed as allowed by the rule "let out anything from firewall host". See the attached screenshot of the firewall logs.

Attached you will also see that this "let out anything from firewall host" rule in the firewall tab does not look at all to be limited to "this firewall", as both source and destination are set to *.

This firewall is neither 10.0.0.50 nor 10.0.0.10... Why is it a match?

Now that I enabled all logs, I see that first my rule LAN to LAN does match as Pass and then this automatic rule matches.

My guess is that it's because these 2 hosts are actually on 2 physically distinct interfaces that I bridged together, so the packet gets a Pass when coming in, and again when it is routed from one bridge member to the other...

Am I right ?

In any case, it was quite hard to understand this; without all logs present it made no sense to me.
Sadly, I cannot disable the logging for this automatically generated rule...
Title: Re: Autogenerated FW rule is misleading: let out anything from firewall host
Post by: bobm on September 09, 2020, 12:03:31 am
It seems we are looking for the same answers. One thing of note is that this rule is supposed (gray lightning bolt) to be evaluated last, so I think it would be possible to add a custom rule negating it in whole or in part.
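The two posts above turn on two pieces of pf behaviour: a packet the firewall forwards (routed, or carried between two bridge members) is filtered twice, once "in" on the interface it arrives on and once "out" on the interface it leaves through, so it can produce two pass log entries; and pf's last matching rule wins unless a matching rule is marked quick, which is what makes the ordering bobm mentions matter. The following Python model is an added example written for this page, not code from the thread and not OPNsense's generated ruleset or a pf parser. The rule list, interface names (igb1, igb2) and the pf-like fields on each rule are constructed to mirror the scenario in the thread; whether the real autogenerated rule is interface-bound or quick is not shown on this page and is not asserted here.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of pf rule evaluation (illustration only; not OPNsense's
# generated pf.conf and not a pf parser).


@dataclass
class Rule:
    label: str
    direction: str                 # "in" or "out"
    action: str                    # "pass" or "block"
    iface: Optional[str] = None    # None matches any interface
    src: Optional[str] = None      # CIDR; None matches any source
    dst: Optional[str] = None      # CIDR; None matches any destination
    proto: Optional[str] = None    # None matches any protocol
    quick: bool = False            # quick: first match ends evaluation


@dataclass
class Packet:
    src: str
    dst: str
    proto: str


def _in_net(addr: str, cidr: Optional[str]) -> bool:
    return cidr is None or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: Packet, direction: str, iface: str) -> bool:
    return (rule.direction == direction
            and (rule.iface is None or rule.iface == iface)
            and (rule.proto is None or rule.proto == pkt.proto)
            and _in_net(pkt.src, rule.src)
            and _in_net(pkt.dst, rule.dst))


def evaluate(rules: List[Rule], pkt: Packet, direction: str, iface: str) -> Optional[Rule]:
    """pf semantics: the last matching rule wins, unless a matching rule is
    marked quick, in which case evaluation stops at that rule."""
    winner = None
    for rule in rules:
        if matches(rule, pkt, direction, iface):
            winner = rule
            if rule.quick:
                break
    return winner


def forward(rules: List[Rule], pkt: Packet, in_iface: str, out_iface: str) -> Tuple[Optional[Rule], Optional[Rule]]:
    """A forwarded packet is filtered twice: inbound on the interface it
    arrives on and outbound on the interface it leaves through. Each pass
    yields its own verdict (and, when logged, its own log line)."""
    return (evaluate(rules, pkt, "in", in_iface),
            evaluate(rules, pkt, "out", out_iface))


# Constructed ruleset mirroring the thread: a user "LAN to LAN" pass rule on
# igb1, and a catch-all "pass out" rule evaluated last with no interface and
# no source restriction (the shape of the rule the poster asks about).
BASE_RULES = [
    Rule("LAN to LAN", "in", "pass", iface="igb1",
         src="10.0.0.0/24", dst="10.0.0.0/24", quick=True),
    Rule("let out anything from firewall host", "out", "pass"),
]

# Constructed packet: the ping from the thread, crossing two bridge members.
PING = Packet(src="10.0.0.50", dst="10.0.0.10", proto="icmp")


def thread_scenario() -> Tuple[Optional[str], Optional[str]]:
    """Which rule passes the ping inbound on igb1 and outbound on igb2."""
    inbound, outbound = forward(BASE_RULES, PING, "igb1", "igb2")
    return (inbound.label if inbound else None,
            outbound.label if outbound else None)


def negate_without_quick() -> Tuple[str, str]:
    """A non-quick block placed before the catch-all loses: last match wins."""
    rules = [Rule("block icmp out", "out", "block", iface="igb2", proto="icmp")] + BASE_RULES
    _, outbound = forward(rules, PING, "igb1", "igb2")
    return outbound.action, outbound.label


def negate_with_quick() -> Tuple[str, str]:
    """A quick block placed before the catch-all ends evaluation first."""
    rules = [Rule("block icmp out", "out", "block", iface="igb2", proto="icmp", quick=True)] + BASE_RULES
    _, outbound = forward(rules, PING, "igb1", "igb2")
    return outbound.action, outbound.label


if __name__ == "__main__":
    print(thread_scenario())        # two passes: one in, one out
    print(negate_without_quick())   # catch-all still wins
    print(negate_with_quick())      # quick block wins
```

Running the model reproduces the two log lines the original poster saw: the user rule matches on the inbound side and the catch-all "out" rule matches on the outbound side, even though neither endpoint is the firewall itself. It also shows the practical caveat behind bobm's suggestion: a rule that is meant to override a catch-all evaluated last only does so if it is marked quick (which OPNsense user rules normally are); a non-quick block is simply overtaken by the later pass.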