Security issue : Bridge is permissive on reboot
dyonis0s:
Hello everyone, I did some security testing on OPNsense 19.1.
I've configured it with two interfaces in bridge mode. The firewall is placed inside Hyper-V.
On the one hand, the first interface is connected to a VM with hping in flood mode. On the other, on the second interface, I have a VM with Wireshark. The firewall is configured to block every packet.
I observed that on reboot of the firewall, it becomes permissive for about 0 to 1 second on startup.
Is that an issue that you already know of?
bartjsmit:
Does this also happen with OPNsense in router mode?
Bart...
dyonis0s:
I didn't test in routing mode.
bartjsmit:
It's worth testing to see if the permissive period is due to the bridge coming up before the firewall, or something innate to OPNsense.
Do you have net.link.bridge.pfil_bridge set to 1 under System, Settings, Tunables?
Bart...
dyonis0s:
Sorry for the latency.
Indeed this variable was set to 1.