OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: remd on August 04, 2017, 01:33:48 pm

Title: [SOLVED] Firewall rules delayed activation
Post by: remd on August 04, 2017, 01:33:48 pm
This may have nothing to do with the update, but it seems that whenever I create a rule it becomes active some time later (15min maybe). Like when I set a rule to block all, I can still access, and when I set it to allow again after a while, it is blocked, and then it is allowed again after some time.

Is this how it is supposed to work? And if so, is there a way to flush rules so that they are applied right away?


Title: Re: Firewall rules delayed activation
Post by: remd on August 04, 2017, 04:17:05 pm
This is starting to become problematic: a rule that was working before doesn't work anymore even if I give full access, so it's not just delayed, it doesn't seem to work anymore.

I don't know if it's a coincidence, but since I applied the opnsense-patch f25d8b patch to fix the quick floating feature I'm having various issues. In the logs I see packets being blocked that weren't before, and when I select the easy rule to let them pass it doesn't add it to the rules, so it seems broken.
The other firewall where I didn't apply that patch does apply the easy rules, so the problem seems to be related to the first one where I applied the patch.
Not sure what to do now. Is there a fix, or should I reinstall everything from scratch? Can that patch be reversed?

Title: Re: Firewall rules delayed activation
Post by: franco on August 04, 2017, 06:16:08 pm
You simply run the patch command again to revert. The issue you are describing is completely obscure though.

Firewall rule changes must be committed, that is what the "apply" on the reloaded page is for after saving.

A later background reload may pick up stray changes that were not previously committed, but the system should never react erratically and chaotically. Unfortunately, there is not much that can be done to find out what is wrong locally; it could be anything from hardware issues, VM problems, defective switches or cables...

Title: Re: Firewall rules delayed activation
Post by: remd on August 04, 2017, 06:19:22 pm
I haven't fully solved the issue yet, but it's probably not related to the patch.
The easy rule was creating a rule on another interface for some reason (maybe a confusion with the naming of the VLAN - LAN); in any case I created the rule manually and that seems to work now.

I'm still struggling to access the web server in a DMZ VLAN from another VLAN, but the debugging tools are helpful and I can see that the traffic seems to be reaching the server but not getting back. I should be able to work it out eventually.

BTW, thanks for the reply, it came as I was posting :)

Title: Re: Firewall rules delayed activation
Post by: remd on August 04, 2017, 06:35:31 pm
I was missing a static route back to the 2nd firewall for that particular VLAN; it is working fine now.