Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Morgennebel

Pages1
#1
22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8
June 06, 2022, 12:36:31 PM
Quote from: Morgennebel on June 05, 2022, 02:59:50 PM
I am currently at OPNsense 22.1.8_1-amd64, I can see the hotfix from github.com discussed earlier in this thread applied to /usr/local/opnsense/scripts/filter/update_tables.py.
...
This Alias & rule worked fine with 22.1.7 (edited). Cannot attach screenshots, as they are too large as PNG.

I reverted to 22.1.7: everything worked again for like 5-10 minutes. Then Aliases stopped working.
Reverted to 22.1.6: nothing worked after a reboot.

I assume my installation is now a little bit messed up and will reinstall.

Ciao, -MN
#2
22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8
June 05, 2022, 03:24:51 PM
The attached Alias is used as Port Group (PG_) in a firewall rule. The rule is not working, in Live View I do get

Code Select
5_LAN       2022-06-04T16:03:09 192.168.1.133:64658 185.90.196.130:443  tcp Default deny / state violation rule
5_LAN       2022-06-04T16:03:09 192.168.1.133:64642 185.90.196.130:443  tcp Default deny / state violation rule

errors. You see in the screenshot that the PG_ Alias has no timestamp for Last Updated, but I created and updated it today few times. Also it's not loaded - but referenced by a firewall Allow rule.

Thanks, -MN
#3
22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8
June 05, 2022, 02:59:50 PM
Thank you for your quick reply.

I am currently at OPNsense 22.1.8_1-amd64, I can see the hotfix from github.com discussed earlier in this thread applied to /usr/local/opnsense/scripts/filter/update_tables.py.

But still my Aliases for Ports and Port Groups do not work correctly. Some of them work, new ones are not used in firewall rules, do not show being loaded nor updated.

This Alias & rule worked fine with 22.1.7 (edited). Cannot attach screenshots, as they are too large as PNG.

Thanks, -MN
#4
22.1 Legacy Series / Re: Alias based firewall rules doesn't work after upgrade to 22.1.8
June 05, 2022, 02:00:02 PM
Quote from: franco on May 26, 2022, 09:13:33 PM
The hotfix was published now. Took a bit longer due to national holiday getting in the way.

I have the hotfix installed, but still Aliases are not working correctly compared to 21.7.1.

I am missing all Port and Port Group aliases within Firewall >> Diagnostics >> Aliases.
When modifying a Port Alias "Last Updated" in Firewall >> Aliases is not updated.
When renaming a Port Alias and changing the rule as well Alias shows as not loaded in Firewall >> Aliases.

Unfortunately opnsense-revert to 21.7.1 did not worked as well. So I am stuck with a partially working firewall.

Thanks, -MN
Pages1