help understanding some traffic hits rule while similar traffic does not hit ru

julcol · March 19, 2025, 09:26:03 AM

Hi,

I am running opnsense 25.1.3.

I have 4 VLANS. GENINT, LANNET, IOTNET, CAMNET.

In GENINT the last 2 rules are the ones in the pics
The second pic is the log of the firewall essentially allowing one traffic and blocking another one. Which for me should both trigger the pass rule.

Any hints about why my configuration is wrong ?

Thanks.

JC

Patrick M. Hausen · March 19, 2025, 09:33:56 AM

If you use destination invert you can use only one object in the rule. Create your own Network(s) alias for all the networks that should not be allowed to send to and use that.

julcol · March 19, 2025, 09:44:29 AM

@Patrick thanks for the info. Will change my config.

Just adding some info for context if anybody else arrive here. Looking at the logs in detail I can see that traffic is actually allowed trough the WAN interface, which never the less was the intention.

vlan01.73   match   block   in   4   0x0      64   0   0   DF   6   tcp   52   192.168.73.112   17.111.103.20
vlan01.73   match   block   in   4   0x0      64   0   0   DF   6   tcp   83   192.168.73.112   17.111.103.20
pppoe0   match   pass   out   4   0x0      63   0   0   DF   6   tcp   64   XX.XX.XX.XX   17.111.103.20
vlan01.73   match   pass   in   4   0x0      64   0   0   DF   6   tcp   64   192.168.73.113   17.111.103.20
pppoe0   match   pass   out   4   0x0      63   0   0   DF   6   tcp   64   XX.XX.XX.XX   17.111.103.20
vlan01.73   match   pass   in   4   0x0      64   0   0   DF   6   tcp   64   192.168.73.102   17.111.103.20
pppoe0   match   pass   out   4   0x0      63   0   0   DF   6   tcp   64   XX.XX.XX.XX   17.111.103.20

help understanding some traffic hits rule while similar traffic does not hit ru

julcol

March 19, 2025, 09:26:03 AM

Patrick M. Hausen

March 19, 2025, 09:33:56 AM #1

julcol

March 19, 2025, 09:44:29 AM #2