Topics - bsdkilla

#1
I wish to have a Port Forward be active only for a specific time range. Unfortunately this is not possible in OPNsense, but it does offer time Schedules on regular Firewall Rules.

So my thought was to set up a Firewall rule on the VLAN to "local tag" the traffic I am interested in. This works and I can see the tag applied when viewing the Live View log.

Second step is to create the Port Forward on WAN and have it match the "local tag" set by the rule above from the VLAN.  However this does not work.

It seems that the processing order of NAT, then afterwards Firewall Rules, applies globally across all interfaces, e.g.:

VLAN & WAN
1)   NAT
2)   Firewall Rules

Which means the idea of tagging via a rule then using it to match on the Port Forward is not going to work.

I was expecting it to apply locally across each Interface, e.g.:

VLAN
1)   NAT
2)   Firewall Rules  <-- rule sets local tag
WAN
3)   NAT  <-- port forward matches local tag
4)   Firewall Rules


Can anyone clarify this or have any suggestion on how this could be made to work?



#2
Running OPNsense 19.7.4

How can I configure OPNsense so all LAN traffic going to a specific destination port is redirected to a target IP on the LAN?

So if we have LAN IP 192.168.1.10 accessing an external IP address on port 3000, we want it redirected to target LAN IP 192.168.1.20:3000

I have tried configuring Outbound NAT but can't get this working and it seems this is broken in 19.7.x.  Can someone run me through the configuration steps in case I am doing something stupid?