Setting a firewall option without passing or rejecting traffic

Started by rjdza, September 16, 2021, 09:33:56 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
September 16, 2021, 09:33:56 PM Last Edit: September 16, 2021, 09:46:42 PM by rjdza
Hi all

I need to set a firewall option on all traffic coming into an interface (I need to set the reply-to field. I know I shouldn't need to, but I do.  I think it's a bug).

How do I add a rule that will set the option, but will not pass or block traffic otherwise, and will not interfere with pass or block rules added later?

Thanks in advance.

EDIT: Here is why I need to set reply-to for the entire interface: https://forum.opnsense.org/index.php?topic=24776.0
September 16, 2021, 09:37:49 PM #1
What's the reply-to field in a networking context? I only know this in email.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 16, 2021, 09:45:21 PM #2
Quote from: pmhausen on September 16, 2021, 09:37:49 PM
What's the reply-to field in a networking context? I only know this in email.

It tells the firewall to add a field telling it which interface to send the replies out through.  This is used for multiwan where traffic should leave on the interface it came in on.

My setup has a peculiarity where for one type of link the default reply-to doesn't work.  It works for the rest of them, though, which is why I consider it a bug.
September 16, 2021, 09:47:10 PM #3
Got it. Sorry, no clue.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
September 17, 2021, 01:26:47 AM #4
AFAIK you can't specify simply a "Match" action for a rule.

Can't you just set the reply-to field on all the other rules?
September 17, 2021, 02:04:13 AM #5
Try disabling "Quick" option, so the action is not taken inmediately. The firewall will continue evaluating for the other rules until it reaches a quick rule or the last matching one.
September 17, 2021, 02:16:54 AM #6
Don't see how that solves the issue? Only one of the rules will apply
September 17, 2021, 03:01:15 AM #7
OP - just a thought. If you configure the IPv4 upstream gateway for the relevant interface under the interface settings, does that achieve the outcome for you?
September 17, 2021, 07:09:26 AM #8
Quote from: Greelan on September 17, 2021, 01:26:47 AM
AFAIK you can't specify simply a "Match" action for a rule.

Can't you just set the reply-to field on all the other rules?

I can, but that creates layers of complexity because I cannot use floating rules or firewall IF groups.
September 17, 2021, 07:13:00 AM #9
Quote from: Greelan on September 17, 2021, 03:01:15 AM
OP - just a thought. If you configure the IPv4 upstream gateway for the relevant interface under the interface settings, does that achieve the outcome for you?

It has been set all along.  I had reliability issues with multiwan and auto detect years ago, and haven;t used it since.
September 17, 2021, 08:03:09 AM #10
Quote from: muchacha_grande on September 17, 2021, 02:04:13 AM
Try disabling "Quick" option, so the action is not taken inmediately. The firewall will continue evaluating for the other rules until it reaches a quick rule or the last matching one.

Can confirm what Greelan said - does not work, only the last rule takes effect.

Confirmation comes from testing...
Print
Go Up Pages1
User actions