Author Topic: A ‘catch all’ Firewall rule is being intermittently bypassed (Read 745 times)

MS78M · « **on:** January 28, 2024, 10:55:40 am »

On my LAN interface I have a firewall rule that allows ‘Access to Anything’ . This allows any device on the LAN interface to connect to anything on the internet as well as all the internal VLANs.

The next rule on the LAN interface blocks everything. This rule is for debugging/logging purposes and should not normally be reached.

The issue is that the ‘Access to Anything’ rule is being bypassed occasionally which should not be possible.

I have no idea why this is happening and would appreciate some guidance.

See the attached screen shots:
* Log showing bypassing of the rule
* Overview of the firewalls rule
* Full details of the ‘Access to Anything’ rule that is occasionally failing.

Thanks.

Fright · « **Reply #1 on:** January 28, 2024, 03:36:49 pm »

Hi, try to search for "out of state packet" (or something like that iirc). most likely this is it..

chemlud · « **Reply #2 on:** January 28, 2024, 04:42:16 pm »

The "default deny" rule (first in "automatic rules" for an interface, with option "last match" set) nowadays reads in the description:

Default deny / state violation rule

The second part most likely applies here...

MS78M · « **Reply #3 on:** January 28, 2024, 04:57:57 pm »

Thank you both for the quick and helpful responses.

Author Topic: A ‘catch all’ Firewall rule is being intermittently bypassed (Read 745 times)

MS78M

A ‘catch all’ Firewall rule is being intermittently bypassed

Fright

Re: A ‘catch all’ Firewall rule is being intermittently bypassed

chemlud

Re: A ‘catch all’ Firewall rule is being intermittently bypassed

MS78M

Re: A ‘catch all’ Firewall rule is being intermittently bypassed