OPNsense Forum » Archive » 23.7 Legacy Series
A ‘catch all’ Firewall rule is being intermittently bypassed
Topic: A ‘catch all’ Firewall rule is being intermittently bypassed (Read 748 times)
MS78M (Newbie, Posts: 9, Karma: 0)
A ‘catch all’ Firewall rule is being intermittently bypassed « on: January 28, 2024, 10:55:40 am »
On my LAN interface I have a firewall rule that allows ‘Access to Anything’. This allows any device on the LAN interface to connect to anything on the internet as well as all the internal VLANs.
The next rule on the LAN interface blocks everything. This rule is for debugging/logging purposes and should not normally be reached.
The issue is that the ‘Access to Anything’ rule is being bypassed occasionally, which should not be possible.
I have no idea why this is happening and would appreciate some guidance.
See the attached screenshots:
* Log showing bypassing of the rule
* Overview of the firewall rules
* Full details of the ‘Access to Anything’ rule that is occasionally failing.
Thanks.
Fright (Hero Member, Posts: 1777, Karma: 164)
Re: A ‘catch all’ Firewall rule is being intermittently bypassed « Reply #1 on: January 28, 2024, 03:36:49 pm »
Hi, try to search for "out of state packet" (or something like that, iirc). Most likely this is it.
chemlud (Hero Member, Posts: 2485, Karma: 112)
Re: A ‘catch all’ Firewall rule is being intermittently bypassed « Reply #2 on: January 28, 2024, 04:42:16 pm »
The "default deny" rule (first in "automatic rules" for an interface, with option "last match" set) nowadays reads in the description:
Default deny /
state violation rule
The second part most likely applies here...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity." C.A.R. Hoare
Felix Eichhorn's premium cat food with the extra portion of energy
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
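The mechanism both replies point at, as an added illustration that is not from the thread or from OPNsense's own code: a simplified pf-like model in which the state table is consulted before any rule, and a pass rule only matches connection-opening TCP packets, so a packet that arrives after its state has expired is blocked even though "Access to Anything" sits above the block rule. The rule set, addresses and flag handling are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    flags: str = ""  # TCP flags as letters: "S" SYN, "A" ACK, "F" FIN

# The two LAN rules from the thread: pass anything, then a logging block rule.
# tcp_flags "S/SA" is the default TCP match of a pass rule: it only matches a
# packet that opens a connection (SYN set, ACK clear). None matches any flags.
RULES = [
    {"action": "pass", "tcp_flags": "S/SA", "label": "Access to Anything"},
    {"action": "block", "tcp_flags": None, "label": "Catch all (log)"},
]

class StatefulFilter:
    """Minimal pf-like model (assumption): state lookup first, then first-match rules."""

    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # one-directional keys, for simplicity

    @staticmethod
    def _key(p):
        return (p.src, p.dst, p.proto)

    def expire(self, p):
        """Simulate a state timing out after the connection went idle."""
        self.states.discard(self._key(p))

    def filter(self, p):
        # 1. A packet matching an existing state passes without touching the rules.
        if self._key(p) in self.states:
            return "pass", "state match"
        # 2. Otherwise rules are evaluated top to bottom; first match wins here.
        for r in self.rules:
            opens_conn = "S" in p.flags and "A" not in p.flags
            if p.proto == "tcp" and r["tcp_flags"] == "S/SA" and not opens_conn:
                continue  # mid-connection packet: the pass rule does not match
            if r["action"] == "pass":
                self.states.add(self._key(p))
            return r["action"], r["label"]
        # 3. Nothing matched: the implicit default deny / state violation rule.
        return "block", "Default deny / state violation rule"
```

Running a SYN, then an ACK, then expiring the state and replaying the ACK shows the same ACK accepted once and blocked once, which is what an intermittently "bypassed" pass rule looks like in the log.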
MS78M (Newbie, Posts: 9, Karma: 0)
Re: A ‘catch all’ Firewall rule is being intermittently bypassed « Reply #3 on: January 28, 2024, 04:57:57 pm »
Thank you both for the quick and helpful responses.