Firewall ignores rules randomly

Started by senseivita, May 15, 2019, 07:16:42 AM

I'm having issues with the firewall not obeying my ruleset. All the rules are clones of the first one, so either they should all work or they should all not work. Some do, some don't. These are port forwards, BTW.

I don't know what's wrong. In the live view I can see the connections are blocked by the default ruleset, meaning for some reason it's not matching them but, like I said, not all of them: I checked them several times finding nothing wrong with them.

Is this a bug? I also added a ZeroTier interface, the firewall pings the only client I have at the other end, and the client also pings the firewall, but the firewall doesn't route the subnets.

Is this a known bug?
I'm a bit dyslexic and it makes me forgo letters at the end of words. What gets written is written correctly though, I have good orthography in one or two languages, ironically. It's messed up, I know, I'm sorry. Just pretend you're my auto-complete. :)

Solved it! :)
...well not really, I went back to pfSense. :/

Did you verify your logs? Was it _really_ blocked or just reported as blocked? I stopped taking the live log as a serious source of information. I do a tcpdump to verify whether it is really blocked or just reported.

I have many rules, I know ports are open and they are shown as blocked.

It is a pf issue that is better handled in pfSense than OPNsense.

See here: https://forum.opnsense.org/index.php?topic=12459.msg58660#msg58660
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR

1. The problem report here is nowhere near the state to be able to get an insight into what could be wrong in just under 3 hours.

2. Giving a negative impression of OPNsense over an unfounded interpretation of a bug that cannot be confirmed due to lack of substantial information is misleading.


Cheers,
Franco