How to disable Firewall for one particular interface entirely?

Started by jbattermann, October 08, 2023, 11:26:20 PM

... or why does the 'Default deny / state violation rule' strike if I have a custom rule(s) allowing everything in and out for a particular interface?

Basically my issue is that I want to pass traffic in/out on one particular interface entirely unfiltered. Hence I went ahead and added one 'IN' and one 'OUT' rule allowing everything quasi, see screenshot below.

However, for that interface I still keep seeing firewall log entries blocking traffic based on the 'Default deny / state violation' rule regularly.

Given that this particular interface is physically connected to a second router/firewall, I really, really do not want any filtering happening on the OPNsense box and was wondering HOW I can disable filtering (illegal state or not) completely and for good?


See screenshots at: https://imgur.com/a/PdBGxTG

Please draw a diagram of your network. The most common cause of unexpected "state violation" hits is asymmetric routing.

Also in most cases you never need an "out" rule.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

You can change the state tracking behaviour in the advanced settings of the firewall rule. A single "pass in any" rule with state type "none" should be sufficient.

Cheers
Maurice

Quote from: Patrick M. Hausen on October 09, 2023, 12:02:37 AM
Please draw a diagram of your network. The most common cause of unexpected "state violation" hits is asymmetric routing.

Also in most cases you never need an "out" rule.

Sometimes I wonder if that selector needs a pop-up warning and/or being placed behind the Advanced toggle. I see so many people misunderstanding it.
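
The two replies above about asymmetric routing and state type "none" can be illustrated with a small model of stateful filtering. This is an added example, not code from the thread or from OPNsense. It assumes a stateful pass rule creates state only on an initial TCP SYN (pf's default `flags S/SA`), ignores sequence checking and timeouts, and uses constructed documentation addresses.

```python
# Added illustration: a toy model of pf-style rule evaluation, not OPNsense code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset  # TCP flags set on the packet, e.g. {"S"} or {"S", "A"}

def state_key(p):
    # One state entry matches both directions of the same connection.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

class Firewall:
    def __init__(self, keep_state):
        self.keep_state = keep_state  # False models a rule with state type "none"
        self.states = set()

    def filter(self, p):
        if state_key(p) in self.states:
            return "pass (existing state)"
        if not self.keep_state:
            return "pass (rule, no state)"
        # Assumed stateful rule: only SYN set with ACK clear may create state.
        if "S" in p.flags and "A" not in p.flags:
            self.states.add(state_key(p))
            return "pass (rule, state created)"
        return "block (default deny / state violation)"

# Constructed TCP handshake between a client and a server.
SYN = Packet("192.0.2.10", "198.51.100.5", 40000, 443, frozenset({"S"}))
SYN_ACK = Packet("198.51.100.5", "192.0.2.10", 443, 40000, frozenset({"S", "A"}))
ACK = Packet("192.0.2.10", "198.51.100.5", 40000, 443, frozenset({"A"}))

def run(keep_state, seen):
    fw = Firewall(keep_state)
    return [fw.filter(p) for p in seen]

if __name__ == "__main__":
    # Symmetric: the firewall sees every packet of the handshake.
    print(run(True, [SYN, SYN_ACK, ACK]))
    # Asymmetric: the SYN took another path, so the firewall never saw it.
    print(run(True, [SYN_ACK, ACK]))
    # Same asymmetric flow with state tracking disabled on the rule.
    print(run(False, [SYN_ACK, ACK]))
```

In the asymmetric case the "pass everything" rule never gets to create a state, so the later packets fall through to the default deny even though the rule looks permissive.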