Messages

1

18.1 Legacy Series / Re: When the system updates the drop and edrop list from spamhaus ?

« on: March 02, 2018, 02:03:28 pm »

Hi,

Yes, of course I understand that firewall rules order is important. But if it would match any of Alias State block rules shouldn't we see on firewall logs that something was blocked by this rule, not by Default deny?
However, at the moment on our server there are no other rules than Allow all. Also, there are no floating rules configure. But Default deny is constantly blocking something. We can see it appearing on Firewall logs live view.
OPT1 is our bridged interface with members WAN and LAN. Physical external interface is WAN and internal is LAN.
Attaching network scheme of our setup.
It would be good to solve that Default deny issue first. Then we could try to move on setting up alias blocking rules.

2

18.1 Legacy Series / Re: When the system updates the drop and edrop list from spamhaus ?

« on: March 01, 2018, 10:13:23 am »

I can't understand how can it don't match any rule if we have "allow all" on all interfaces... And if this is state tracking failures why they happens then? Something wrong in our firewall setup?
OK, then which settings should we change on our VPNSence firewall to avoid such cases?

 

3

18.1 Legacy Series / Re: When the system updates the drop and edrop list from spamhaus ?

« on: February 20, 2018, 04:15:39 pm »

Hi Franco,

Could you please also help will "Defaul deny rule" issue with the same server. We have configured OPNSence as transparent bridge. There are "allow all rules" on every interfaces but quite often we can see that "Default deny" is taking action.  Why it is even reached at all is we have "Allow all rule"?
I'm attaching a couple examples of blocked packets. Why it happened and what to do fix this issue?