OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Floating rules direction question [Reference to zenarmor guide re. crowdsec]
« previous next »
  • Print
Pages: [1]

Author Topic: Floating rules direction question [Reference to zenarmor guide re. crowdsec]  (Read 446 times)

tangofan

  • Newbie
  • *
  • Posts: 28
  • Karma: 1
    • View Profile
Floating rules direction question [Reference to zenarmor guide re. crowdsec]
« on: July 22, 2024, 12:09:25 am »
Hi all,

I'm new to OPNsense and still trying to learn the ropes, particularly with regards to firewall rules.

It is my current understanding that the "in" and "out" directions for rules are from the view of the firewall.
  • Thus a request originating on a computer in my LAN to the outside world, would be checked against "in" rules on the LAN interface and (if allowed to pass) against "out" rules on the WAN interface. (I also understand that "in" rules are generally more efficient and thus preferable.)
  • Conversely a request originating on the internet to a computer on my LAN would be checked against "in" rules on my WAN interface and - if allowed to pass - against "out" rules on the LAN interface.
Assuming my understanding is correct, here's my question: At https://www.zenarmor.com/docs/network-security-tutorials/how-to-install-and-configure-crowdsec-on-opnsense#adding-firewall-rules zenarmor provides a guide to installing and configuring CrowdSec on OPNsense.

In the section "Adding Firewall Rules" they talk about blocking connections originating on the LAN side to malevolent IP Addresses on the WAN side and they show a Floating Rule assigned to the LAN interface for that purpose. However the rule they show is an "out" rule and I would have expected it to be an "in" rule, since traffic originating on LAN and going to the internet would be inbound on the LAN interface.

I don't have CrowdSec installed yet, but I tried an equivalent rule scenario in OPNsense with a homegrown floating rule assigned to my LAN interface, blocking ICMP access to destination 1.1.1.1. As an IN-rule it works as expected and blocks a ping request, but as an OUT-rule the ping goes through (also expected).

So, I'm wondering, if I am missing something very essential here regarding floating rules or did they simply make a small mistake in their guide by defining this as an "out" rule?
(Note: I'm not trying to pick on them, the fact that they provide those guides is great. But before pointing this out to them, I'd rather ensure, that the problem isn't the guy in front of the computer.)

Thanks in advance for any clarification you can provide.
Logged

Baender

  • Full Member
  • ***
  • Posts: 107
  • Karma: 4
    • View Profile
Re: Floating rules direction question [Reference to zenarmor guide re. crowdsec]
« Reply #1 on: July 22, 2024, 09:41:04 pm »
I had the same situation when I installed and configured Crowdsec. In HomeNetworkGuy's tutorial it is set to IN, which makes more sense in my opinion. Counter-suggestions welcome.

https://homenetworkguy.com/how-to/install-and-configure-crowdsec-on-opnsense/#create-firewall-rules
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • Floating rules direction question [Reference to zenarmor guide re. crowdsec]
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2