Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Firewall -> Rules -> interface/group -> Inspection - what and how?
« previous
next »
Print
Pages: [
1
]
Author
Topic: Firewall -> Rules -> interface/group -> Inspection - what and how? (Read 759 times)
lar.hed
Sr. Member
Posts: 323
Karma: 10
Firewall -> Rules -> interface/group -> Inspection - what and how?
«
on:
December 20, 2023, 05:53:22 pm »
So I am, again, trying to figure some firewall rules out. Now I think what is my problem is well English words and my interpretation of them, or lack of interpretation? After all English is not my first language....
Most rules work, and a few are behaving maybe not to my liking... I have for that reason decided onto a bit weird solution: I have a few rules that are just called "Counters", and there is only a portnr (TCP and or UDP, or ICMP/IGMP) defined as pass in each "counter" rule" - I just like to know what sort of traffic and well one way is to use a rule per port and then maybe decide if I can remove that port from the traffic (example found port 13000 - that one had nothing to do in this network).
Now when I have them like this, and click the "Inspection" button on the right high side, I get a few columns:
Evaluations - The number of times the rule has been evaluated, but?
States - States - when is this counter reset?
Packets - Nr of Packets - when is this counter reset?
Bytes - Nr of Bytes - when is this counter reset?
Description - The description entered when configuring/creating a firewall rule.
Now what I wonder are, basically, how to interpret them:
1) States/Packets/Bytes - when are they reset to zero?
2) States/Packets/Bytes - when a rule has been evaluated (the first column) - and this shows zero - what goes on?
3) Evaluations - so a rule can or can not be evaluated, that I get - however can this counter be +1 so to speak without the rule getting executed (as in evaluated but sorry no pass/block since well it was evaluated but it fails to match)
(do note this is not that good documented in the OPNsense documentation - therefore I have to ask :-)
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Firewall -> Rules -> interface/group -> Inspection - what and how?