Firewall -> Rules -> interface/group -> Inspection - what and how?

Started by lar.hed, December 20, 2023, 05:53:22 PM

So I am, again, trying to figure some firewall rules out. Now I think my problem is the English words and my interpretation of them, or lack of interpretation? After all, English is not my first language....

Most rules work, and a few are behaving maybe not to my liking... I have for that reason decided on a bit of a weird solution: I have a few rules that are just called "Counters", and there is only a port number (TCP and/or UDP, or ICMP/IGMP) defined as pass in each "counter" rule - I just like to know what sort of traffic there is, and one way is to use a rule per port and then maybe decide if I can remove that port from the traffic (example: found port 13000 - that one had nothing to do in this network).

Now when I have them like this, and click the "Inspection" button on the upper right side, I get a few columns:

Evaluations - The number of times the rule has been evaluated, but?
States - States - when is this counter reset?
Packets - Number of packets - when is this counter reset?
Bytes - Number of bytes - when is this counter reset?
Description - The description entered when configuring/creating a firewall rule.

Now what I wonder is, basically, how to interpret them:
1) States/Packets/Bytes - when are they reset to zero?
2) States/Packets/Bytes - when a rule has been evaluated (the first column) - and this shows zero - what goes on?
3) Evaluations - so a rule can or cannot be evaluated, that I get - however, can this counter be +1, so to speak, without the rule getting executed (as in evaluated, but sorry, no pass/block since it was evaluated but failed to match)?

(Do note this is not that well documented in the OPNsense documentation - therefore I have to ask :-)