default deny rule not working on port 443

Started by MiRei, March 23, 2022, 03:17:57 PM

With our installation of OPNSense 22.1.3 and 21.7.8, the automatic default deny rule did not work for port 443 any longer. The following entries appear in the LOG:

VL905 -> 2022-03-23T15:05:47 sourceip:54611 targetip:80 tcp Default deny rule
WAN <- 2022-03-23T15:05:44 sourceip:54612 targetip:443 tcp let out anything from firewall host itself

If you set up a new interface, a device in that network can access the internet via port 443, even though no FW rules have been created for it.
Does anyone have any idea what the reason for this could be?

Thanks, MiRei

Even if I add a block rule to "any" in the ruleset of the network,
communication via port 443 is possible.
There are no manual floating rules that allow port 443.

You can do a `pfctl -s rules` on the shell, then investigate from there.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

In the livelog I can find the rid (fae559338f65e11c53669fc3642c93c2) that lets 443 through.

On the console, running
`pfctl -sr | grep fae559338f65e11c53669fc3642c93c2`

gives the following output:
`pass out log all flags S/SA keep state allow-opts label "fae559338f65e11c53669fc3642c93c2"`

Unfortunately, this doesn't really help me.
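The correlation the thread walks through (take the rid shown in the live log, find the pf rule carrying that label in `pfctl -sr`, and check how broad that rule is) can be scripted so that it is repeatable across many rules. The following is an added example, not code from the thread or from OPNsense; the first rule line is the one quoted above, the other two rule lines and all labels except the quoted rid are constructed for illustration. The regex follows the pf rule grammar as printed by `pfctl -sr` (action, direction, `log`, `quick`, `on <iface>`, match body, trailing `label "..."`).

```python
import re

# Constructed sample of `pfctl -sr` output. Line 1 is the rule quoted in the
# thread; lines 2 and 3 (and their labels) are made up for this example.
SAMPLE_PFCTL_RULES = """\
pass out log all flags S/SA keep state allow-opts label "fae559338f65e11c53669fc3642c93c2"
block drop in log quick on igb1 inet from any to any label "EXAMPLE-BLOCK-ANY"
pass in log quick on igb1 inet proto tcp from any to any port = 443 flags S/SA keep state label "EXAMPLE-PASS-443"
"""

# One printed pf rule: action, optional direction, optional log, optional quick,
# optional interface, the match body, and an optional trailing label.
RULE_RE = re.compile(
    r'^(?P<action>pass|block(?: drop| return)?|match)'
    r'(?P<dir> in| out)?'
    r'(?P<log> log(?: \([^)]*\))?)?'
    r'(?P<quick> quick)?'
    r'(?: on (?P<iface>\S+))?'
    r'(?P<body>.*?)'
    r'(?: label "(?P<label>[^"]*)")?$'
)


def parse_pfctl_rules(text):
    """Parse `pfctl -sr` output into a list of rule dicts; non-rule lines are skipped."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            continue  # anchors, scrub lines, etc. are not filter rules
        rules.append({
            "index": n,
            "action": m.group("action").split()[0],       # pass / block / match
            "direction": (m.group("dir") or "").strip() or None,
            "quick": bool(m.group("quick")),
            "iface": m.group("iface"),                    # None means "any interface"
            "body": m.group("body").strip(),
            "label": m.group("label"),                    # the rid shown in the live log
            "raw": line,
        })
    return rules


def find_rule_by_rid(rules, rid):
    """Return the rule whose label equals the live-log rid, or None."""
    for r in rules:
        if r["label"] == rid:
            return r
    return None


def broad_pass_rules(rules):
    """Pass rules bound to no interface whose match part is 'all'
    (any protocol, source, destination and port): the ones worth a second look
    when traffic passes that no interface rule explicitly allows."""
    return [
        r for r in rules
        if r["action"] == "pass" and r["iface"] is None and r["body"].startswith("all")
    ]


if __name__ == "__main__":
    rules = parse_pfctl_rules(SAMPLE_PFCTL_RULES)
    hit = find_rule_by_rid(rules, "fae559338f65e11c53669fc3642c93c2")
    print("rid matches rule:", hit["raw"] if hit else "not found")
    for r in broad_pass_rules(rules):
        print("broad pass rule (no interface, matches all):", r["label"])
```

Running it against real output (`pfctl -sr > rules.txt`, then feed the file to `parse_pfctl_rules`) shows which rule a given rid belongs to and whether that rule is restricted to an interface or port; in the quoted rule neither restriction is present, which is what the "let out anything" behaviour in the log reflects.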