Topic: Multiple WAN gateways & anti-lockout rules (Read 337 times)
B3r3n
Newbie
Posts: 2
Karma: 0
Multiple WAN gateways & anti-lockout rules
« on: July 23, 2024, 11:33:30 am »
Dear all,
Please note I am a newbie on OPNsense.
Until now I was using a competitor that has no longer been free for a few months ;-)
I exported my ruleset from this competitor to import it into OPNsense, and made a few manual changes so the import behaves the same. Apparently all is fine.
HOWEVER:
- My design is a FW serving 2 different netblocks, each with its own gateway.
- In my design, I want to open SSH from WAN (OPNsense naming). So I disabled the lockout rules.
- But in reality, although the 2 WANs have exactly the same ruleset apart from the target IP (different subnets), OPNsense behaves differently:
  - On WAN1 (WAN for OPNsense), SSH keeps being blocked
  - On WAN2 (OPT1 for OPNsense), SSH is managed by my ruleset (normal).
I sense 2 possible issues:
- Anti-lockout can't be disabled or edited. Painful when, for example, you don't have IPv6 and want a clean ruleset without any IPv6 pass anywhere.
- Anti-lockout applies only on WAN (OPNsense naming), making the admin believe all their "WAN" interfaces are protected. There should be a way to ensure 2 WAN interfaces with the same ruleset will behave *exactly* the same.
Feel free to ask for any detail, my English might not be great :-)
Thanks
Brgrds
Logged
B3r3n
Newbie
Posts: 2
Karma: 0
Re: Multiple WAN gateways & anti-lockout rules
« Reply #1 on: July 23, 2024, 02:40:27 pm »
Please note I found a link to this issue. Each incoming flow rule had a defined gateway (side effect of the import).
When this gateway is removed, OPNsense behaves much better...
Logged
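The reply above traces the difference to a gateway left on each incoming rule by the import. As an added example (not part of the thread and not OPNsense's own code), this script lists inbound pass rules on chosen interfaces that still carry a gateway. The element names are an assumption about the config.xml export layout, and the sample rules and gateway names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of an OPNsense config.xml export
# (element names are an assumption about that layout; values are invented).
SAMPLE_CONFIG = """<opnsense>
  <filter>
    <rule>
      <type>pass</type><interface>wan</interface><direction>in</direction>
      <protocol>tcp</protocol><gateway>WAN1_GW</gateway>
      <destination><network>(self)</network><port>22</port></destination>
      <descr>SSH from WAN1 (imported)</descr>
    </rule>
    <rule>
      <type>pass</type><interface>opt1</interface><direction>in</direction>
      <protocol>tcp</protocol>
      <destination><network>(self)</network><port>22</port></destination>
      <descr>SSH from WAN2</descr>
    </rule>
    <rule>
      <type>pass</type><interface>lan</interface><direction>in</direction>
      <gateway>WAN2_GW</gateway>
      <descr>LAN egress via WAN2</descr>
    </rule>
  </filter>
</opnsense>"""

def rules_with_gateway(config_xml, interfaces):
    """Return (interface, gateway, description) for every enabled inbound
    pass rule on the given interfaces that has a gateway set."""
    wanted = {name.lower() for name in interfaces}
    findings = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if rule.findtext("disabled") is not None:
            continue  # skip rules marked disabled
        if (rule.findtext("type") or "").strip() != "pass":
            continue
        # assumption: a rule without a direction element is treated as inbound
        if (rule.findtext("direction") or "in").strip() != "in":
            continue
        gateway = (rule.findtext("gateway") or "").strip()
        # a rule may name several interfaces separated by commas
        ifaces = {i.strip().lower() for i in (rule.findtext("interface") or "").split(",")}
        if gateway:
            for iface in sorted(ifaces & wanted):
                findings.append((iface, gateway, rule.findtext("descr") or ""))
    return findings

if __name__ == "__main__":
    for iface, gw, descr in rules_with_gateway(SAMPLE_CONFIG, ["wan", "opt1"]):
        print(f"{iface}: gateway {gw} set on inbound rule: {descr}")
```

Running it against a real export before and after an import makes it easy to confirm that two WAN interfaces end up with equivalent rules.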