1
23.1 Legacy Series / Re: Traffic is not correctly blocked?
« on: April 14, 2023, 07:23:08 pm »
Nobody any hints for me?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
23.1 Legacy Series / Re: Traffic is not correctly blocked?
« on: April 13, 2023, 07:26:00 pm »
Is it possible that opnsense just allows new sessions?
It seems that when I have access to the destination and I am then changing something in opnsense and apply the settings the access gets lost. The detail view of the packages in live view shows that the accepted packages are SYN-messages while the blocked ones are acknowledges.
It seems that when I have access to the destination and I am then changing something in opnsense and apply the settings the access gets lost. The detail view of the packages in live view shows that the accepted packages are SYN-messages while the blocked ones are acknowledges.
3
23.1 Legacy Series / Re: Traffic is not correctly blocked?
« on: April 13, 2023, 07:12:43 pm »
I really don't understand why the firewall behaves differently for the same incoming requests.
Is there any way to get more logging to find the reason for this?
Is there any way to get more logging to find the reason for this?
4
23.1 Legacy Series / Re: Traffic is not correctly blocked?
« on: April 11, 2023, 08:54:39 pm »
I have a different (in my opinion) strange behavior, which I currently cannot understand. I don't want to start a new thread because of the question, so I continue in this one.
I am starting with very simple firewall rules in one VLAN, one allow-rule for a single source ip to internal destinations (_PrivateNetworks) and one allow-rule for that same ip to external destinations: See attached image rule.png
When I try to access a SMB share on an internal destination (192.168.10.12) from that source ip, the access seems not to be directly working, but after about 10 seconds the share can be accessed.
When checking the live view, it can be seen that the access is first denied because of the global deny-rule in that vlan and then allowed because of the explicit rule mentioned above: See attached image log.png
This behaviour is reproducable: sometimes the rule seems to hit the traffic, sometimes not.
Can anybody explain that behavior?
Best regards,
cyb
I am starting with very simple firewall rules in one VLAN, one allow-rule for a single source ip to internal destinations (_PrivateNetworks) and one allow-rule for that same ip to external destinations: See attached image rule.png
When I try to access a SMB share on an internal destination (192.168.10.12) from that source ip, the access seems not to be directly working, but after about 10 seconds the share can be accessed.
When checking the live view, it can be seen that the access is first denied because of the global deny-rule in that vlan and then allowed because of the explicit rule mentioned above: See attached image log.png
This behaviour is reproducable: sometimes the rule seems to hit the traffic, sometimes not.
Can anybody explain that behavior?
Best regards,
cyb
5
23.1 Legacy Series / Re: Traffic is not correctly blocked?
« on: April 07, 2023, 06:57:49 pm »
Thanks for your very fast reply.
Yeah, I thought of that and because of that I stopped the ping, closed the terminal, waited some seconds, opened a new terminal and restarted the ping. I thought the session would be terminated because of that but I seem to be wrong.
Yeah, I thought of that and because of that I stopped the ping, closed the terminal, waited some seconds, opened a new terminal and restarted the ping. I thought the session would be terminated because of that but I seem to be wrong.
6
23.1 Legacy Series / Traffic is not correctly blocked?
« on: April 07, 2023, 06:45:17 pm »
Hi there,
I am just starting to try out OPNsense although I am familiar with firewalls from Fortinet and Mikrotik.
I have one physical LAN interface combining several VLANs. In OPNsense I have defined multiple OPT-interfaces, one interface for each VLAN (all with the same physical interface as parent).
I then have created one first rule for one OPT-interface, very simple: just allow ICMP traffic to "this firewall". After creating and enabling the rule, I can ping the corresponding firewall interface without problems (I was not able to ping it before).
Now the strange thing: When disabling the rule or even when deleting the rule, I am still able to ping the interface. I am still receiving echo replies!
When rebooting the OPNsense machine, the ping is not replied aynmore, as I expected.
I can permanently reproduce the behaviour.
Is this a bug or am I misunderstanding something?
Best regards,
cyb
I am just starting to try out OPNsense although I am familiar with firewalls from Fortinet and Mikrotik.
I have one physical LAN interface combining several VLANs. In OPNsense I have defined multiple OPT-interfaces, one interface for each VLAN (all with the same physical interface as parent).
I then have created one first rule for one OPT-interface, very simple: just allow ICMP traffic to "this firewall". After creating and enabling the rule, I can ping the corresponding firewall interface without problems (I was not able to ping it before).
Now the strange thing: When disabling the rule or even when deleting the rule, I am still able to ping the interface. I am still receiving echo replies!
When rebooting the OPNsense machine, the ping is not replied aynmore, as I expected.
I can permanently reproduce the behaviour.
Is this a bug or am I misunderstanding something?
Best regards,
cyb
Pages: [1]