Topic: Security issue : Bridge is permissive on reboot (Read 4869 times)
dyonis0s
Newbie
Posts: 6
Karma: 0
Security issue : Bridge is permissive on reboot
« on: September 11, 2019, 10:48:38 am »
Hello everyone, I did some security testing on OPNsense 19.1.
I've configured it with two interfaces in bridge mode. The firewall is placed inside Hyper-V.
On the one hand, the first interface is connected to a VM running hping in flood mode. On the other, on the second interface, I have a VM with Wireshark. The firewall is configured to block every packet.
I observed that on reboot of the firewall, it becomes permissive for about 0 to 1 second on startup.
Is that an issue that you already know about?
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: Security issue : Bridge is permissive on reboot
« Reply #1 on: September 11, 2019, 10:59:16 am »
Does this also happen with OPNsense in router mode?
Bart...
dyonis0s
Newbie
Posts: 6
Karma: 0
Re: Security issue : Bridge is permissive on reboot
« Reply #2 on: September 11, 2019, 11:13:09 am »
I didn't test in routing mode.
bartjsmit
Hero Member
Posts: 2018
Karma: 194
Re: Security issue : Bridge is permissive on reboot
« Reply #3 on: September 11, 2019, 06:01:32 pm »
It's worth testing to see if the permissive period is due to the bridge coming up before the firewall, or something innate to OPNsense.
Do you have net.link.bridge.pfil_bridge set to 1 under System, Settings, Tunables?
Bart...
dyonis0s
Newbie
Posts: 6
Karma: 0
Re: Security issue : Bridge is permissive on reboot
« Reply #4 on: September 17, 2019, 02:43:11 pm »
Sorry for the latency.
Indeed this variable was set to 1.
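To compare test runs (for example bridge mode against the router mode asked about in reply #1), the leak seen in the capture can be quantified rather than estimated by eye. The following is an added example, not code from the thread or from OPNsense: it groups the timestamps of packets captured behind the block-all firewall into leak windows and reports their length. The input format (one epoch timestamp per line), the 0.5 s gap threshold and all sample values are assumptions constructed for illustration.

```python
"""Measure leak windows in a block-all bridge test from capture timestamps."""
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class LeakWindow:
    start: float   # epoch time of the first leaked packet
    end: float     # epoch time of the last leaked packet
    packets: int

    @property
    def duration(self) -> float:
        return self.end - self.start

def parse_timestamps(text: str) -> list[float]:
    """One epoch timestamp per line (e.g. exported with
    `tshark -r capture.pcap -T fields -e frame.time_epoch`);
    blank lines and non-numeric lines such as a header are skipped."""
    stamps = []
    for line in text.splitlines():
        try:
            stamps.append(float(line.strip()))
        except ValueError:
            continue
    return sorted(stamps)

def leak_windows(stamps: list[float], max_gap: float = 0.5) -> list[LeakWindow]:
    """The policy blocks everything, so every captured packet is a leak.
    A silence longer than max_gap seconds closes the current window."""
    windows: list[LeakWindow] = []
    for ts in stamps:
        if windows and ts - windows[-1].end <= max_gap:
            windows[-1].end = ts
            windows[-1].packets += 1
        else:
            windows.append(LeakWindow(ts, ts, 1))
    return windows

# Constructed sample: packets seen on the receiving VM around two reboots.
SAMPLE = """frame.time_epoch
1568191700.10
1568191700.25
1568191700.40
1568191700.55
1568191700.70

1568192300.00
1568192300.20
"""

if __name__ == "__main__":
    for w in leak_windows(parse_timestamps(SAMPLE)):
        print(f"leak at {w.start:.2f}: {w.packets} packets over {w.duration:.2f} s")
```

With a flood sender the packet count per window also gives a rough lower bound on how much traffic crossed the bridge before filtering took effect.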