Topic: OPNsense ignore my Rule set!!! (Read 1073 times)
FrankLampard
July 23, 2020, 03:13:42 pm
Hello,
I'm just working on my first OPNsense rule setting. I have experience with pfSense and I'm desperate.
My OPNsense installation refers to version 20.1.
The basic configuration has created two rules for the LAN interface. Each for IPv4 and IPv6 according to the motto "everything can go through". A separate set of rules should only allow data traffic for one computer in the LAN in my example. To block in the last instance everything that could not be regulated by previous rules I have also taken this into my setting. I know that this will be considered automatically, but I want to log the blocked traffic. The following lines should illustrate the order and simplified logic:
Allow IPv4 TCP/IP Host 192.168.230.10/24 Port 443, 53
Block IPv4 TCP/IP LAN net
Allow IPv4 TCP/IP LAN net
Allow IPv6 TCP/IP LAN net
My state of knowledge says that all rules are worked through from top to bottom.
If I deactivate the pre-installed last two rules, which allow everything, nothing works. However, an automatically generated block rule from the "Floating Rules" is used. I'm still too vague about the floating rules and especially the automatically generated rules behind. What exactly is behind this and how do I have influence on these automatic rules?
For a better overview my diagram:
             Internet
                :
                : Cable-Provider (for the internet)
                :
          .-----+-----.
          |  Gateway  |  (Fritzbox as router and integrated cable modem)
          '-----+-----'  LAN: 10.110.180.10
                |
                |
                |
          .-----+------.  WAN: 10.110.180.110 (Gateway: 10.110.180.10)
          |  OPNsense  |
          '-----+------'  LAN: 192.168.230.10
                |
                |
          PC (192.168.230.210)
Thank you and best regards
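Added example, not part of the original post and not OPNsense code: a first-match trace of the four rules in the order the post lists them, with a default deny behind them. It assumes that "TCP/IP" means protocol TCP, that the first rule's source is the single host 192.168.230.10, and that interface rules stop at the first match; the IPv6 prefix and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "pass" or "block"
    family: int            # 4 or 6
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR the source address must fall in
    dports: tuple = ()     # empty tuple = any destination port
    enabled: bool = True

LAN4 = "192.168.230.0/24"
LAN6 = "2001:db8::/64"     # placeholder: the post gives no IPv6 LAN prefix
# Rule order as listed in the post. Assumptions: "TCP/IP" is read as protocol
# TCP, and rule 1's source is the single host 192.168.230.10.
RULES = [
    Rule("1 allow host 443,53", "pass", 4, "tcp", "192.168.230.10/32", (443, 53)),
    Rule("2 block LAN net", "block", 4, "tcp", LAN4),
    Rule("3 allow LAN net v4", "pass", 4, "tcp", LAN4),
    Rule("4 allow LAN net v6", "pass", 6, "tcp", LAN6),
]
DEFAULT_DENY = ("block", "default deny (automatic)")

def evaluate(rules, src, proto, dport):
    """Return (action, rule name) for the first enabled rule that matches."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if not r.enabled or r.family != addr.version:
            continue
        if r.proto not in ("any", proto):
            continue
        if addr not in ipaddress.ip_network(r.src):
            continue
        if r.dports and dport not in r.dports:
            continue
        return r.action, r.name
    return DEFAULT_DENY   # nothing on the interface matched

if __name__ == "__main__":
    # Constructed sample packets from the two LAN addresses in the diagram.
    samples = [("192.168.230.210", "tcp", 443), ("192.168.230.210", "udp", 53),
               ("192.168.230.10", "tcp", 443), ("192.168.230.10", "tcp", 80)]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Under these assumptions rule 3 is never reached, because rule 2 has the same match and comes first, and UDP traffic matches none of the TCP rules and ends at the default deny.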