OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: Ludovik on July 26, 2016, 11:04:24 am

Title: [SOLVED] Upgrade repository problem and firewall understanding
Post by: Ludovik on July 26, 2016, 11:04:24 am
Hi All and thanks for the great software.

I installed from scratch "OPNsense-16.1.8".
Then I upgraded it from the Webgui to "OPNsense 16.1.20" and everything seems ok, but when I clicked again on "Click to check for updates" button it return repository error.
I tried to go under System-Settings-General and click save, but it didn't work.
To fix it, I had to manually change /usr/local/etc/pkg/repos/origin.conf "${ABI}/16.7/latest" to "${ABI}/16.1/latest" so maybe there's something wrong on the upgrade package.

Then I have another question. I checked all documentation and forum, but I didn't find the answer.
I need to know how firewall works on OPNsense. Usually I work with input-forward-output schema, but I'm unable to find forward chain on OPNsense, so I don't know how to control forwarded traffic.

I didn't find how to manage ESTABLISHED and RELATED connections, is there some more specific documentation will all these information?

Thanks a lot in advance.
Title: Re: Upgrade repository problem and firewall understanding
Post by: fabian on July 26, 2016, 12:56:36 pm
1) See https://forum.opnsense.org/index.php?topic=3399.0
2) There is no forward chain - pf rules can be invoked when a packet is received (IN) or sent (OUT) by an interface. Forward traffic hits the firewall twice: once it is received and once it is sent out to the next router / host. The GUI of OPNsense creates only rules for incoming traffic.
3)  https://www.openbsd.org/faq/pf/filter.html if you need additional information.