Messages - knack

#1
24.7, 24.10 Series / Re: Firewall question
August 31, 2024, 11:13:20 AM
      <descr>DNS [1][PASS][NOLOG]</descr>
      <descr>DNS[2][PASS][NOLOG]</descr>
      <descr>DNS [3][PASS][NOLOG]</descr>
      <descr>DNS [4][PASS][NOLOG]</descr>
      <descr>Internal ICMP [PASSS][NOLOG]</descr>
      <descr>HTTP [PASS][NOLOG]</descr>
      <descr>HTTPS [PASS][NOLOG]</descr>
#2
24.7, 24.10 Series / Re: Firewall question
August 30, 2024, 06:43:48 PM
That rule is not new; I have had it for months.

Only today I realized that I was going through a traffic that I should (supposedly)

Anyway, I restarted, cleared states ...

And no other rule has the same name.
#3
24.7, 24.10 Series / Firewall question
August 27, 2024, 07:37:06 PM
Hello.

What is wrong with this rule? Am I missing something?



#4
23.7 Legacy Series / Re: Networks Aliases not work
December 08, 2023, 06:50:12 PM
Yes.

But I disabled Statistics and now it works.

Edit: well, it seemed to work a few hours ago, but now it still ignores the filter.

Yes, I reset the state. Anyway, I am testing with ping.

My alias is basic, for testing: type network, with IPs X.X.X.X/XX.

Edit 2: well, I added another IP and reset, and it works again; I will check in a few hours or tomorrow whether it still works.
#5
23.7 Legacy Series / Re: Networks Aliases not work
December 08, 2023, 12:10:02 PM
I have Statistics enabled.

I disabled it and now it works.
#6
23.7 Legacy Series / Networks Aliases not work
December 08, 2023, 03:13:12 AM
Hi.

A firewall rule with network aliases does not seem to block IPs; I can still reach them.


      IPv4 *    *    *    ExplitcitIPBAN     *    *    *       ExplitBanIps LAN

Adding a specific IP instead of aliases works.

OPNsense 23.7.9-amd64
FreeBSD 13.2-RELEASE-p5
OpenSSL 1.1.1w
#7
I tried and it still does not work; I filtered, and the firewall log shows the same behavior I posted.

Anyway, it does not seem related to the rule; the same rule using port 2222, with sshd running on port 2222, works.

I am beginning to think my fiber company began blocking port 22, but if that were it, I don't know why OPNsense displays a connection to ports 80 and 443 each time I try to connect to port 22.
#8
My actual rules




IPv4 TCP * * * 22 * * SSH WAN
IPv4 TCP * * 192.168.2.100 443 (HTTPS) * * Webproxy HTTPS
IPv4 TCP/UDP * * 192.168.2.72 51413 * * Torrent
IPv4 UDP * * 192.168.2.80 51820 * * Wireguard
IPv4 TCP * * 192.168.2.123 25 (SMTP) * * SMTP
IPv4 TCP * * 192.168.2.73 995 (POP3/S) * * POP3S
IPv4 TCP * * 192.168.2.100 80 (HTTP) * * Webproxy HTTP
IPv4 TCP * * * 587 (SUBMISSION) * * 587 port smtps
IPv4 TCP/UDP * * 192.168.2.53 53 (DNS) * *
#9
I will post in a few hours, but the rules are the same whether I open port 1022 or 22: with port 1022 and SSH configured for that port, it works; with port 22, the firewall blocks with that weird log.

That does not seem to be a config problem; it seems to be a bug.

#10
Connect to SSH port 22 from the WAN interface.

And the problem is I can't connect, and that is the weird firewall log showing my connection (attempt) to port 22 from another external IP.

If I change sshd to port 2222, it works fine.
#11
Hi

OPNsense 23.1.9-amd64

I enabled SSH and opened the port, and this is the firewall log from outside my network:

   lan      2023-06-20T23:12:15   37.187.:41144   192.168.2.100:443   tcp   let out anything from firewall host itself   
   wan      2023-06-20T23:12:15   37.187.:41144   192.168.2.100:443   tcp   Webproxy HTTPS   
   wan      2023-06-20T23:12:15   37.187.:41144   192.168.100.10:443   tcp   rdr rule   
   wan      2023-06-20T23:12:15   37.187.:41144   192.168.2.100:80   tcp   Default deny / state violation rule   
   wan      2023-06-20T23:12:15   37.187.:41144   192.168.100.10:80   tcp   rdr rule


I have some rules for 80 and 443.

Without those rules, this is the log:

wan      2023-06-20T23:14:07   37.187.:62449   192.168.100.10:443   tcp   Default deny / state violation rule   
   wan      2023-06-20T23:14:07   37.187.:62449   192.168.100.10:80   tcp   Default deny / state violation rule

If I use another port for SSH, it works OK.

Any idea?