General Discussion / Firewall: Some Destination IPs blocked, some not - why?
« on: October 16, 2024, 04:47:21 pm »
Hello Community,
Maybe you can tell me more about this strange behavior; I just don't get it.
I use an OPNsense as a gateway for devices in a subnet to access other nets / the internet.
What's strange:
The devices in that subnet should be allowed to access the internet, but some IPs are blocked whereas others are allowed by the firewall rules, although no special restriction is configured.
The rules are similar to this:
First Match IN IPv4, Source is 192.168.99.0/24, any port, any destination/port, std. gateway
First Match OUT IPv4, Source is 192.168.99.0/24, any port, any destination/port, std. gateway
Now in the live view I can see that the machines in that net are sometimes allowed to contact machines on the internet on port 443, and sometimes not, e.g.:
Tenant99 - pass - 192.168.99.x:50345 -> 198.19.2.14:443 tcp -> allow rule
Tenant99 - block - 192.168.99.x:52161 -> 95.101.111.175:443 tcp -> default deny / state violation rule
What could I be missing there? Why are some connections allowed and some not?
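A triage script for exactly this kind of live-view output, added here as an example and not part of the original post or of OPNsense itself. It works on the raw pf filterlog CSV records (the format OPNsense writes to the firewall log; the field positions for IPv4/TCP records are an assumption taken from the documented filterlog layout, not from this thread) and separates blocked segments into two buckets: a blocked SYN is a genuine policy deny (the ruleset refused a new connection), whereas a blocked ACK/FIN/RST segment is one pf could not match to any state, which is what the "default deny / state violation" label denotes. The sample log lines are constructed to mirror the two flows in the post; rule ids such as "allow-uuid" and "default-deny" are placeholders.

```python
import csv
from collections import Counter

# Assumed filterlog field layout for IPv4 + TCP records (positions are an
# assumption based on the pf filterlog format; verify against your own log).
FIELDS_COMMON = ["rulenr", "subrulenr", "anchor", "ruleid", "interface",
                 "reason", "action", "dir", "ipver"]
FIELDS_IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "protoid",
               "proto", "length", "src", "dst"]
FIELDS_TCP = ["srcport", "dstport", "datalen", "tcpflags", "seq", "ack",
              "window", "urg", "options"]

# Constructed sample records mirroring the two flows from the post:
# one passed SYN, one blocked bare ACK, one blocked FIN/ACK, one blocked SYN.
SAMPLE_LOG = """\
4,,,allow-uuid,vtnet1,match,pass,in,4,0x0,,64,1234,0,DF,6,tcp,60,192.168.99.10,198.19.2.14,50345,443,0,S,1111111111,,65535,,mss
7,,,default-deny,vtnet1,match,block,in,4,0x0,,64,1235,0,DF,6,tcp,52,192.168.99.10,95.101.111.175,52161,443,0,A,2222222222,3333333333,501,,
7,,,default-deny,vtnet1,match,block,in,4,0x0,,64,1236,0,DF,6,tcp,52,192.168.99.10,95.101.111.175,52161,443,0,FA,2222222300,3333333333,501,,
7,,,default-deny,vtnet1,match,block,in,4,0x0,,64,1237,0,DF,6,tcp,60,192.168.99.10,95.101.111.175,52200,443,0,S,4444444444,,65535,,mss
"""


def parse_record(line):
    """Parse one filterlog CSV line into a dict; returns None for non-IPv4."""
    fields = next(csv.reader([line]))
    rec = dict(zip(FIELDS_COMMON, fields[:9]))
    if rec.get("ipver") != "4":
        return None
    rec.update(zip(FIELDS_IPV4, fields[9:20]))
    if rec.get("proto") == "tcp":
        rec.update(zip(FIELDS_TCP, fields[20:29]))
    return rec


def classify(rec):
    """Return 'pass', 'policy-deny' or 'out-of-state' for a TCP record.

    pf creates state on the SYN of a new connection. A blocked segment
    that carries SYN without ACK was refused by the ruleset itself; a
    blocked segment without SYN (ACK, FIN, RST...) matched no existing
    state and fell through to the default block, i.e. a state violation.
    """
    if rec["action"] == "pass":
        return "pass"
    flags = rec.get("tcpflags", "")
    if "S" in flags and "A" not in flags:
        return "policy-deny"
    return "out-of-state"


def triage(log_text):
    """Count verdicts overall and per destination IP for TCP records."""
    counts = Counter()
    per_dst = {}
    for line in log_text.strip().splitlines():
        rec = parse_record(line)
        if rec is None or rec.get("proto") != "tcp":
            continue
        verdict = classify(rec)
        counts[verdict] += 1
        per_dst.setdefault(rec["dst"], Counter())[verdict] += 1
    return counts, per_dst


if __name__ == "__main__":
    total, by_dst = triage(SAMPLE_LOG)
    print("overall:", dict(total))
    for dst, c in sorted(by_dst.items()):
        print(f"{dst:>16}: {dict(c)}")
```

If nearly all blocks for a destination land in the "out-of-state" bucket while its SYNs pass, the rules are not refusing the destination; the drops are segments arriving for which the firewall holds no state, which is a different problem from a missing allow rule. Run it over `/var/log/filter/latest.log` (or a `clog` export) on the box and compare the per-destination buckets against the allowed and blocked IPs seen in the live view.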