OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: roro on November 24, 2016, 11:37:11 am

Title: Block private networks from OPT1
Post by: roro on November 24, 2016, 11:37:11 am

Hello,
I use OPNsense 17.1.a_753-i386 on soekris but I get the following:
@68 block drop in log quick on vr2 inet from 10.10.0.0/8 to any label "Block private networks from OPT1"

When I put utp in OPT2 no problems.

Something wrong in filterrules?
Greetings.

Title: Re: Block private networks from OPT1
Post by: fabian on November 24, 2016, 03:18:50 pm

You can enable or disable filtering private IP addresses per interface. Should be in the interface settings. The Firewall pages will show it to you if this addresses are blocked with a link to the page which has the settings.

Title: Re: Block private networks from OPT1
Post by: roro on November 24, 2016, 08:30:49 pm

Hello,
I knew that.

I did some extra testing:

when Private enabled and Bogon disabled it doesn't work.
when Private disabled and Bogon enables it works.
when Private and Bogon are disabled it works.

Looks like Private is swapped with Bogon. Something for Franco?

Greetings.

Title: Re: Block private networks from OPT1
Post by: franco on November 25, 2016, 05:13:56 pm

Hey,

Nice catch and many thanks for running -devel!

# opnsense-patch 9e5aa0c


Cheers,
Franco

[1] https://github.com/opnsense/core/commit/9e5aa0c