[SOLVED] floating rule not working... Anybody?

Started by manilx, September 09, 2022, 02:03:10 PM

September 09, 2022, 02:03:10 PM Last Edit: September 19, 2022, 09:41:23 PM by manilx
Hi

I have searched the forum and web and I do think I have created the rule correctly. I want to block traffic to/from an IP range on all interfaces.
Following: https://www.allthingstech.ch/using-opnsense-and-ip-blocklists-to-block-malicious-traffic

I have created the following floating rule:

Protocol  Source  Port  Destination  Port  Gateway  Schedule  Description
IPv4+6 *  *       *     testAlias    *     *        *         test

Doesn't work, as I can ping from the LAN to one IP of the Alias list.

I had separate rules on LAN and WAN to block outgoing and incoming traffic to the alias but I wanted to simplify with one rule instead of 2. These rules are working and blocking.

What is wrong?

Created another test floating rule to block traffic to one specific IP.

Protocol  Source  Port  Destination    Port  Gateway  Schedule  Description
IPv4 *    *       *     148.69.220.89  *     *        *         test

Can ping from the LAN to this IP on the internet without issues!

I just don't get why this is not working.
Respective LAN and WAN rules block without issues.

I'm having the same type of issues with all rules. I tested it in pfSense and I get the reverse issue: vs. everything open, everything is closed and won't open, lol.

I'm not even sure what the rules should be at this point, or maybe they are backwards, I don't know.

I once heard, since it was a server, "in" actually means out and "out" means in. (So "in" from should be "vlan1", meaning go out to, and "out" from means coming into.)

The wiki and the help menu in the firewall rules explain direction for firewall rules.

Direction is assessed from the perspective of OPNsense.

So "in" means traffic coming into an interface from the network connected to that interface.

"Out" means traffic going out of an interface to the network connected to that interface.

So an "in" rule on LAN would apply to traffic coming into the LAN interface on OPNsense from devices in LAN net.

Most of the time, only "in" rules are needed.

I had to add another set of rules for incoming. Now all traffic out/in is blocked to the respective IP lists:

Protocol  Source           Port  Destination      Port  Gateway  Schedule  Description
IPv4 *    Emerging_Threats *     *                *     *        *         block Emerging Threats from
IPv4 *    *                *     Emerging_Threats *     *        *         block Emerging Threats to
IPv4 *    CIArmy           *     *                *     *        *         block CIArmy from
IPv4 *    *                *     CIArmy           *     *        *         block CIArmy to
IPv4 *    Firehol_level2   *     *                *     *        *         block Firehole 2 from
IPv4 *    *                *     Firehol_level2   *     *        *         block Firehole 2 to
IPv4 *    Firehol_level3   *     *                *     *        *         block Firehole 3 from
IPv4 *    *                *     Firehol_level3   *     *        *         block Firehole 3 to
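Added example, not from this thread or from OPNsense itself: a small Python model of the direction semantics explained above ("in" is judged from the firewall's side) and of the from/to rule pair in the final rule set. It assumes first-match, quick-style evaluation with a default pass and a constructed alias network, which is a simplification of real pf behaviour.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample alias (stands in for testAlias / CIArmy / Firehol lists).
ALIASES = {"testAlias": [ip_network("148.69.220.0/24")]}

@dataclass
class Rule:
    action: str          # "block" or "pass"
    direction: str       # "in" or "out", judged from the firewall's viewpoint
    src: str             # alias name or "*"
    dst: str             # alias name or "*"
    interface: str = "*" # "*" = floating rule, evaluated on every interface

@dataclass
class Packet:
    interface: str       # interface the packet is seen on
    direction: str       # "in" = entering from that interface's network
    src: str
    dst: str

def matches(spec, addr):
    return spec == "*" or any(ip_address(addr) in n for n in ALIASES[spec])

def evaluate(rules, pkt):
    """First matching rule wins (assumed quick semantics); default pass."""
    for r in rules:
        if r.interface in ("*", pkt.interface) and r.direction == pkt.direction \
                and matches(r.src, pkt.src) and matches(r.dst, pkt.dst):
            return r.action
    return "pass"

# A LAN host pinging a listed IP enters OPNsense on LAN, direction "in".
LAN_TO_LISTED = Packet("lan", "in", "192.168.1.10", "148.69.220.89")
# A listed IP reaching the WAN address enters OPNsense on WAN, also "in".
LISTED_TO_WAN = Packet("wan", "in", "148.69.220.89", "203.0.113.5")

ONLY_TO = [Rule("block", "in", "*", "testAlias")]                # "block ... to"
TO_AND_FROM = ONLY_TO + [Rule("block", "in", "testAlias", "*")]  # plus "from"

def demo():
    """Verdicts for both packets under the single rule and the rule pair."""
    return {
        "only_to/lan_to_listed": evaluate(ONLY_TO, LAN_TO_LISTED),
        "only_to/listed_to_wan": evaluate(ONLY_TO, LISTED_TO_WAN),
        "pair/lan_to_listed": evaluate(TO_AND_FROM, LAN_TO_LISTED),
        "pair/listed_to_wan": evaluate(TO_AND_FROM, LISTED_TO_WAN),
    }
```

With only the "to" rule, traffic arriving on WAN from a listed address is not matched, which is why the final rule set carries a "from" rule for each alias as well.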