A ‘catch all’ Firewall rule is being intermittently bypassed

Started by MS78M, January 28, 2024, 10:55:40 AM

On my LAN interface I have a firewall rule that allows 'Access to Anything'. This allows any device on the LAN interface to connect to anything on the internet as well as all the internal VLANs.

The next rule on the LAN interface blocks everything. This rule is for debugging/logging purposes and should not normally be reached.

The issue is that the 'Access to Anything' rule is being bypassed occasionally which should not be possible.

I have no idea why this is happening and would appreciate some guidance.

See the attached screen shots:
* Log showing bypassing of the rule
* Overview of the firewall rules
* Full details of the 'Access to Anything' rule that is occasionally failing.

Thanks.

Hi, try to search for "out of state packet" (or something like that, iirc). Most likely this is it.

The "default deny" rule (first in "automatic rules" for an interface, with option "last match" set) nowadays reads in the description:

Default deny / state violation rule

The second part most likely applies here...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

Felix Eichhorn's premium cat food with the extra portion of energy

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
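The "state violation" half of the default deny rule is easy to confirm from the firewall log itself: pf only creates state for a packet that can open a connection (for TCP, a SYN without ACK), so a blocked TCP packet carrying only ACK/FIN/RST flags never had a chance to match the 'Access to Anything' pass rule. The following triage script is an added example, not code from the thread or from OPNsense; it assumes the CSV field layout of pf's filterlog for IPv4 lines, and the log lines embedded in it are constructed, with placeholder rule ids.

```python
# Added example (not from the thread): sort block entries from the firewall
# log into genuine new-connection denials and out-of-state packets that hit
# the "Default deny / state violation rule".
# Assumption: filterlog IPv4 CSV layout:
#   rulenr,subrulenr,anchor,ruleid,interface,reason,action,dir,ipver,
#   tos,ecn,ttl,id,offset,flags,protonum,protoname,length,src,dst,
#   srcport,dstport,datalen,tcpflags,seq,ack,window,urg,options
from typing import Dict

# Constructed sample lines (not real log output); rule ids are placeholders.
SAMPLE_LOG = """\
5,,,0,lan,match,block,in,4,0x0,,64,1234,0,DF,6,tcp,52,192.168.1.20,93.184.216.34,50123,443,0,A,,,64240,,
5,,,0,lan,match,block,in,4,0x0,,64,1235,0,DF,6,tcp,40,192.168.1.20,93.184.216.34,50123,443,0,FA,,,64240,,
5,,,0,lan,match,block,in,4,0x0,,64,1236,0,DF,6,tcp,60,192.168.1.30,10.20.0.5,40000,22,0,S,,,64240,,mss;sackOK
5,,,0,lan,match,block,in,4,0x0,,64,1237,0,,17,udp,78,192.168.1.40,192.168.1.1,5353,5353,58
"""

def parse_line(line: str) -> Dict[str, str]:
    """Pull the fields needed for triage out of one filterlog line."""
    f = line.split(",")
    rec = {"ruleid": f[3], "iface": f[4], "action": f[6], "dir": f[7]}
    if f[8] == "4":  # only the IPv4 layout is handled here
        rec.update(proto=f[16], src=f[18], dst=f[19])
        if rec["proto"] == "tcp":
            rec.update(sport=f[20], dport=f[21], tcpflags=f[23])
    return rec

def classify(rec: Dict[str, str]) -> str:
    """Likely cause of a block entry.

    A TCP packet without a bare SYN (e.g. A, FA, R, SA) that reaches the
    block rule is a mid-stream packet with no matching state: expired,
    or never created. That is the state-violation case, not a rule order
    problem. A blocked SYN really did miss every pass rule above it.
    """
    if rec.get("action") != "block":
        return "pass"
    if "proto" not in rec:
        return "unknown"  # IPv6 or a layout this parser does not cover
    if rec["proto"] == "tcp":
        flags = rec.get("tcpflags", "")
        if "S" in flags and "A" not in flags:
            return "new-connection-denied"
        return "out-of-state"
    return "new-connection-denied"  # UDP/ICMP carry no flags to inspect

def triage(log: str) -> Dict[str, int]:
    """Count block entries per likely cause across a whole log excerpt."""
    counts: Dict[str, int] = {}
    for line in log.splitlines():
        kind = classify(parse_line(line))
        counts[kind] = counts.get(kind, 0) + 1
    return counts
```

If nearly all blocked TCP entries come out as out-of-state, the rule order is fine and the log is showing state expiry or asymmetric traffic; a large share of blocked bare SYNs would point at a real rule mismatch instead.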