Messages

1

17.7 Legacy Series / Re: Rule enable doesn't block active traffic

« on: December 01, 2017, 01:46:50 am »

...would love to see your set of rules for both, WAN and LAN.

Nothing is needed on the WAN side. On the LAN side, it's just a simple Block action, source: LAN, destination: LAN, source addr: single address: <VM IP>

This is because OPNsense is a stateful firewall. https://en.wikipedia.org/wiki/Stateful_firewall

Not a bug - this behaviour is by design ;-)

Bart...

I have seen other stateful firewalls conduct said action just fine. I'm not so sure it has to do with the type of firewall it is.

2

17.7 Legacy Series / Rule enable doesn't block active traffic

« on: November 29, 2017, 02:34:47 am »

Hello All, kind of odd thing I am seeing with my FW:

I have WAN and LAN interfaces configured to block traffic from one specific LAN address to the rest of the LAN network (but still allow to outside WAN). With the rule enabled, pings from this LAN address to the other LAN addresses are blocked - good. However, If I disable the rule, run a -t on the ping, then enable the rule...the pings don't get blocked. I also don't see the actual blocks in the logs. Odd or just something I have set wrong?