Nonsensical rule matching behavior after a reboot
Topic: Nonsensical rule matching behavior after a reboot (Read 1616 times)
dougmeredith
Newbie
Posts: 6
Karma: 0
Nonsensical rule matching behavior after a reboot
« on: March 06, 2020, 03:41:15 pm »
I've been running OPNsense for about a week and everything was working well until last night. I noticed the problem some time after the VM host that the router is on rebooted, but I can't say for certain that that was the cause of the problem. The router was running 20.1.1 when the problem occurred. I've since upgraded to 20.1.2 and that hasn't helped.
The initial problem: rules in the DMZ that worked for a week simply stopped working. Checking the logs, the traffic was matching the built-in "Default deny rule". My rules were not disabled.
In attempting to troubleshoot the problem, I've discovered two more oddities, which may be more basic:
* If I create two identical rules to deny all traffic, it's always the second one that is matched, even though they are set to match first.
* Traffic from my LAN to the DMZ shows up in the logs as matching the built-in "let out anything from firewall host itself" even though the traffic is not originating from the router.
I'm stumped. Any help would be appreciated.
« Last Edit: March 06, 2020, 04:45:58 pm by dougmeredith »
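An added illustration, not from the thread and not OPNsense's own code, of the pf evaluation order that is worth checking first when the logged rule is not the one expected: a rule flagged "quick" wins at the first match, while without "quick" pf keeps going and the last matching rule wins, so two identical non-quick deny rules would always report the second. The rules and addresses below are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    name: str
    action: str            # "pass" or "block"
    quick: bool            # stop evaluating on match (OPNsense's default for its rules)
    src: str = "any"       # CIDR or "any"
    dst: str = "any"


def _contains(net: str, addr: str) -> bool:
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def decide(rules, src, dst):
    """Return (action, rule name) for a packet under pf semantics:
    a matching quick rule decides immediately; otherwise the last
    matching rule decides; with no match the implicit default deny applies."""
    winner = None
    for r in rules:
        if _contains(r.src, src) and _contains(r.dst, dst):
            if r.quick:
                return r.action, r.name
            winner = (r.action, r.name)
    return winner or ("block", "default deny")


def identical_deny_rules(quick: bool):
    # Two identical deny-all rules, as described in the post (constructed).
    rules = [Rule("deny all #1", "block", quick),
             Rule("deny all #2", "block", quick)]
    return decide(rules, "192.0.2.10", "198.51.100.20")


def later_pass_overrides_earlier_block():
    # Without quick, a later matching pass rule overrides an earlier block.
    rules = [Rule("block DMZ", "block", False, dst="198.51.100.0/24"),
             Rule("pass LAN", "pass", False, src="192.0.2.0/24")]
    return decide(rules, "192.0.2.10", "198.51.100.20")


if __name__ == "__main__":
    print(identical_deny_rules(True))            # ('block', 'deny all #1')
    print(identical_deny_rules(False))           # ('block', 'deny all #2')
    print(later_pass_overrides_earlier_block())  # ('pass', 'pass LAN')
```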
mackendj
Newbie
Posts: 1
Karma: 0
Re: Nonsensical rule matching behavior after a reboot
« Reply #1 on: March 10, 2020, 03:02:35 pm »
I have observed similar behavior - in my case I was able to work around it by eliminating / breaking out aliases from the policy. Reboots, clearing of state, disabling policy optimizer and reordering / duplicating rules did not appear to help.
Thanks!