OPNsense Forum » English Forums » General Discussion » Strange Firewall rule processing
Topic: Strange Firewall rule processing (Read 1171 times)
gnomee
Newbie
Posts: 6
Karma: 0
Strange Firewall rule processing « on: February 15, 2023, 02:49:49 pm »
I am really baffled by this. I have a firewall rule that sometimes gets missed, screenshots attached. What am I missing? Why does it sometimes end up with the standard floating rule "Default deny / state violation rule"?
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Strange Firewall rule processing « Reply #1 on: February 15, 2023, 03:18:41 pm »
What does "standard Floating rule" mean?
What interface is that rule on?
You shouldn't be using floating rules unless you absolutely have to.
gnomee
Newbie
Posts: 6
Karma: 0
Re: Strange Firewall rule processing « Reply #2 on: February 15, 2023, 03:22:14 pm »
It's the top "Automatically generated rules", notice it's "last match".
chemlud
Hero Member
Posts: 2486
Karma: 112
Re: Strange Firewall rule processing « Reply #3 on: February 15, 2023, 03:26:20 pm »
It is what it says: State violation. No state, no traffic.
Do a package capture and watch your "Nest" at work. Most likely it tries to reuse the tcp connection that is already closed and then starts a fresh session (passed).
« Last Edit: February 15, 2023, 03:34:26 pm by chemlud »
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium cat food with the extra portion of energy
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
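The behaviour described in Reply #3, as an added example that is not part of the original thread and not OPNsense or pf code: a toy stateful filter replaying a constructed packet trace. It assumes the pass rule only creates state on an initial SYN (pf's default `flags S/SA keep state`); the class, addresses and ports are hypothetical.

```python
# Added illustration: a toy model of stateful TCP filtering, not pf or OPNsense code.
# Assumption: a pass rule creates state only on a bare SYN (SYN set, ACK clear).
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. {"S"} or {"A", "P"}


class ToyStatefulFilter:
    def __init__(self, allowed_dport):
        self.allowed_dport = allowed_dport
        self.states = set()  # one entry per tracked client-to-server flow

    def process(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.states:
            if p.flags & {"F", "R"}:
                self.states.discard(key)  # simplified: FIN or RST ends the state at once
            return "pass (existing state)"
        # No state: only a connection-opening SYN can match the pass rule.
        if p.dport == self.allowed_dport and "S" in p.flags and "A" not in p.flags:
            self.states.add(key)
            return "pass (rule matched, state created)"
        return "block (Default deny / state violation rule)"


def replay():
    """Replay a constructed trace: open, send, close, reuse closed flow, reconnect."""
    fw = ToyStatefulFilter(allowed_dport=443)

    def pkt(sport, *flags):
        return Packet("192.0.2.10", sport, "198.51.100.5", 443, frozenset(flags))

    trace = [
        pkt(50000, "S"),       # new connection
        pkt(50000, "A", "P"),  # data on the open connection
        pkt(50000, "F", "A"),  # connection closed, state removed
        pkt(50000, "A", "P"),  # device reuses the closed connection
        pkt(50001, "S"),       # device gives up and opens a fresh session
    ]
    return [fw.process(p) for p in trace]


if __name__ == "__main__":
    for verdict in replay():
        print(verdict)
```

The same allow rule therefore shows up as both a pass and a default-deny hit in the log, depending on whether the packet opens a connection or arrives after its state is gone.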
gnomee
Newbie
Posts: 6
Karma: 0
Re: Strange Firewall rule processing « Reply #4 on: February 15, 2023, 04:03:31 pm »
Indeed you are correct sir. Much appreciated.