23.7 Legacy Series / My firewall ignores the rules (no, really)
« on: December 27, 2023, 01:48:13 am »
I am running 23.7.10_1. When I first set this firewall up in 2022 this didn't happen but I believe the problem was introduced with 23.7. This behavior has existed through all of the updates within 23.7.
I have a box with 4x 2.5GbE NICs, each assigned and with their own working firewall rules.
On one of those 4 NICs there is a network that isn't always online. When I bring it online after it being down for some period of time, OPNsense sees it and shows the interface as "Up" but does not enforce firewall rules. Note that if this network is online after a reboot of OPNsense, everything works normally.
In order to force OPNsense to enforce firewall rules I have to:
1. CREATE a blank (default) firewall rule
2. DELETE that blank rule from step 1
3. APPLY the existing ruleset without any actual changes
The existing firewall rules are now enforced immediately after step 3.
I only create and delete the blank rule because that is the quickest way to give me the option to "Apply" the ruleset and get OPNsense to enforce the existing rules. I LITERALLY CHANGED NOTHING. Rebooting the OPNsense box will also fix this problem but obviously that's not a great solution because it takes everything offline for the reboot.
OPNsense is awesome and I love it, but this problem is really weird and I'd like to figure it out. Thanks!