OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: nqnguyen2 on February 14, 2018, 06:51:12 am

Title: Strange firewall filtering behavior
Post by: nqnguyen2 on February 14, 2018, 06:51:12 am

I'm noticing some funky behavior. Has anyone experienced something similar? Do I need to reboot the firewall? Do I need to wipe clean and start over with fresh configs?

OPNsense version: OPNsense 18.1.1-amd64
Last reboot: 1.5 days ago

• Rules are as simple and basic as I can make it
• Brother's IP is in the pfTables and still in the tables right now
• Brother was able to access services from WAN to my LAN for several days
• Didn't make any changes to firewall
• Today, the same IP he's been using for the past few days doesn't get filtered by the "allow" rule but instead gets filtered by the Default Deny rule. Thus, he was blocked for some strange reason despite no changes made.

I'm at a total loss and I'm assuming it's my configs that's broken.

Title: Re: Strange firewall filtering behavior
Post by: dcol on February 14, 2018, 10:16:45 pm

I have seen this usually after I have moved around a bunch of rules. Try a Firewall>Diagnostics>state reset
Also, if you are using IDS/IPS try disabling it to see if that is doing the blocking.

Title: Re: Strange firewall filtering behavior
Post by: Ciprian on February 15, 2018, 09:50:57 am

After that, if IPS is not in the way and IPs are still blocked, activate log for every FW rule you have: by default, on custom rules the logging is not ON, so it's difficult to see which packet matches a particular rule, and vice-versa.

Title: Re: Strange firewall filtering behavior
Post by: nqnguyen2 on February 15, 2018, 10:48:35 pm

I cleared the states but had an opportunity to reboot also. I did both and everything appears to be normal again.

Thanks for the assistance everyone.