OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: narfight on August 25, 2017, 07:54:41 am

Title: [SOLVED] I need to restart OPNSense to apply the rules !
Post by: narfight on August 25, 2017, 07:54:41 am
Hello,

I use OPNSense (OPNsense 17.7-amd64/FreeBSD 11.0-RELEASE-p11/OpenSSL 1.0.2l 25 May 2017) on Watchguard XTM505.

When I create a new rule or update a rule and click "reload changes", there is no error but the change is not applied!

Filter reload log:
Code:
1503639532.2634: Initializing
1503639532.2636: Creating aliases
1503639532.2637: Generating NAT rules
1503639532.2638: Creating 1:1 rules...
1503639532.2639: Creating outbound NAT rules
1503639532.264: Creating automatic outbound rules
1503639532.3072: Creating NAT rule Rediriger le trafic vers le proxy
1503639532.355: Loading filter rules
1503639532.3721: Setting up logging information
1503639532.3722: Setting up SCRUB information
1503639532.3722: Generating rules
1503639532.3867: Creating IPsec rules...
1503639532.3868: Executing packet filter reload
1503639532.4187: Cleanup schedule states
1503639532.4244: Reloading filterdns daemon
1503639532.4245: Flushing schedule state
1503639532.4246: Processing down interface states
1503639532.4247: Done

I need to restart OPNSense to apply them correctly... it's not very user-friendly.

My test is very simple. I create a rule to allow ping or not on the interface.
Code:
IPv4 ICMP * * * * * Easy Rule: Passed from Firewall Log
Can you help me?

Thanks in advance
Title: Re: I need to restart OPNSense to apply the rules !
Post by: franco on August 25, 2017, 08:25:31 am
How do you test this? I suspect you are testing against a known state of an already established connection. That doesn't work unless you clear the states, but this will disrupt *all* connections during a reload, so firewalls do not normally do this.
Title: Re: I need to restart OPNSense to apply the rules !
Post by: narfight on August 25, 2017, 12:12:06 pm
Hello,

Thanks for your help.

I just tested this:

Over SSH, the file /tmp/rules.debug is only updated on reboot!
Title: Re: I need to restart OPNSense to apply the rules !
Post by: franco on August 25, 2017, 02:55:23 pm
Hi there,

Are you sure you create the rule and apply before you start the ping?

If yes, please try to stop the ping that should be blocked and restart it. It should block unless the rules have really not been updated.

If the rules haven't been updated, we need to find out why your installation does that. It is not normal.


Cheers,
Franco
Title: Re: I need to restart OPNSense to apply the rules !
Post by: narfight on August 28, 2017, 01:12:02 pm
Hello,

I formatted the disk and changed to nano OS on CompactFlash.

When I reinupped my backup, everything came back to normal

Thanks for your help.
Title: Re: [SOLVED] I need to restart OPNSense to apply the rules !
Post by: franco on August 28, 2017, 01:27:05 pm
Ok, glad to hear. Thanks for checking back. :)
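
The two explanations raised in this thread (a rules file that was not regenerated by the reload, and a leftover state for the test traffic) can be told apart mechanically. The following is an added example, not code from the thread or from OPNsense: the function names are hypothetical, the sample inputs are constructed, and it assumes that /tmp/rules.debug is rewritten on every successful reload and that state listings look like `pfctl -ss` output.

```python
import re

# Constructed sample in the format of the filter reload log quoted in the thread.
SAMPLE_LOG = """\
1503639532.2634: Initializing
1503639532.3867: Creating IPsec rules...
1503639532.3868: Executing packet filter reload
1503639532.4247: Done
"""

# Constructed sample, assumed to resemble `pfctl -ss` output (documentation addresses).
SAMPLE_STATES = """\
all tcp 192.0.2.1:22 <- 198.51.100.7:50514       ESTABLISHED:ESTABLISHED
all icmp 198.51.100.7:4711 -> 192.0.2.1:8       0:0
"""

LINE = re.compile(r"^(\d+(?:\.\d+)?): (.+)$")

def reload_window(log_text):
    """Return (start, end) epoch seconds of the last reload, or None if incomplete."""
    start = end = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        if msg == "Initializing":
            start, end = ts, None      # a new reload begins, forget the old end
        elif msg == "Done" and start is not None:
            end = ts
    return (start, end) if start is not None and end is not None else None

def states_for_proto(states_text, proto):
    """Return state-table lines whose protocol column equals proto."""
    return [l for l in states_text.splitlines()
            if len(l.split()) > 1 and l.split()[1] == proto]

def diagnose(log_text, rules_mtime, states_text, proto="icmp"):
    window = reload_window(log_text)
    if window is None:
        return "reload-incomplete"
    if rules_mtime < window[0]:
        return "rules-file-stale"      # rules file older than the reload start
    if states_for_proto(states_text, proto):
        return "existing-state"        # old state may still pass the traffic
    return "rules-applied"

if __name__ == "__main__":  # on the firewall, pass the real log, file mtime and state listing
    print(diagnose(SAMPLE_LOG, 1503639532.39, SAMPLE_STATES))
```

A result of "rules-file-stale" points at the reload itself, while "existing-state" means the test should be repeated after stopping and restarting the ping.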