Author Topic: Firewall rules' exact processing orders (Read 857 times)

sngkomlpop · « **on:** September 11, 2022, 12:11:10 pm »

Hi everyone, I want to make sure I have the correct understanding of the ordering of the firewall rules.

Suppose I initiate a connection from an IP in LAN to an IP in VLAN1, are the rules checked in this order:
1. Floating rules that have direction "in" (If it has a "Quick + Pass" rule, jump to 4. If it has a "Quick + Block/Reject", block connection.)
2. LAN's interface groups' rules that have direction "in" (if it has a "Quick + Pass" rule, jump to 4. If it has a "Quick + Block/Reject", block connection.)
3. LAN rules that have direction "in" (if it has a "Quick + Pass" rule, jump to 4. If it has a "Quick + Block/Reject", block connection. Otherwise use the last relevant rule from 1+2+3. If no relevant rule from 1+2+3, block connection.)
4. Floating rules that have direction "out" (if it has a "Quick + Pass" rule, allow connection. If it has a "Quick + Block/Reject", block connection.)
5. VLAN1's interface groups' rules that have direction "out" (if it has a "Quick + Pass" rule, allow connection. If it has a "Quick + Block/Reject", block connection.)
6. VLAN1 rules that have direction "out" (if it has a "Quick + Pass" rule, allow connection. If it has a "Quick + Block/Reject", block connection. Otherwise use the last relevant rule from 4+5+6. If no relevant rule from 4+5+6, block connection.)
เว็บสล็อตอันดับ 1
Is this correct? Thanks!

meyergru · « **Reply #1 on:** September 11, 2022, 12:23:17 pm »

This is explained here: https://docs.opnsense.org/manual/firewall.html

See "processing order".

BTW: This is the german part of the forum...

Author Topic: Firewall rules' exact processing orders (Read 857 times)

sngkomlpop

Firewall rules' exact processing orders

meyergru

Re: Firewall rules' exact processing orders