State table problem

Started by Maarten, December 08, 2015, 01:34:50 PM

Hi,

I've got a problem with the state table. The column "Int" always states "all" instead of the right interface name. Is this on purpose?

Thanks

Hi Maarten,
pf (the firewall behind the OPNsense GUI) by default applies states on a floating interface basis:

Code (pf.conf(5)):
     set state-policy
           The state-policy option sets the default behaviour for states:

           if-bound     States are bound to interface.
           floating     States can match packets on any interfaces (the
                        default).


So unless something like set state-policy if-bound is specifically defined for a firewall rule, the states can float between interfaces and therefore the state is recorded for all interfaces.

Unfortunately I think it's not possible to set up this kind of rule in OPNsense. So I would say that the interface column of the state table is without any function at the moment...
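As an added illustration (not part of the original posts, and not OPNsense code): a small sh/awk sketch that tallies state-table lines in the format printed by pfctl -ss by their first field, the interface, so floating states (shown as "all") can be told apart from interface-bound ones. The sample lines and the interface names em0 and em1 are constructed assumptions.

```shell
#!/bin/sh
# Summarise pf state-table entries by the interface they are bound to.
# Input: lines in the format printed by `pfctl -ss`, where the first field
# is the interface name, or "all" for a floating state.

# Constructed sample (not captured from a real firewall); em0 and em1 are
# assumed interface names, addresses are documentation ranges.
sample_states() {
cat <<'EOF'
all tcp 192.0.2.10:443 <- 198.51.100.7:51514       ESTABLISHED:ESTABLISHED
all udp 192.0.2.1:53 <- 192.0.2.50:40211       SINGLE:MULTIPLE
em0 tcp 192.0.2.10:22 <- 198.51.100.7:50022       ESTABLISHED:ESTABLISHED
em1 tcp 203.0.113.5:80 -> 192.0.2.20:80       FIN_WAIT_2:FIN_WAIT_2
all icmp 192.0.2.1:8 <- 192.0.2.50:8       0:0
EOF
}

# Print "<interface> <count>" for every interface value seen, sorted by name.
# Lines with fewer than five fields are not state entries and are skipped.
states_by_interface() {
    awk 'NF >= 5 { n[$1]++ } END { for (i in n) print i, n[i] }' | sort
}

# Print the number of floating states (interface field equal to "all").
# Prints 0 when there are none, including on empty input.
floating_count() {
    awk '$1 == "all" { c++ } END { print c + 0 }'
}

# On a live system the input would come from: pfctl -ss
sample_states | states_by_interface
echo "floating: $(sample_states | floating_count)"
```

With the default floating policy described above, every state falls under "all"; entries under a named interface only appear for states created as if-bound.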

Hi mf,

Thank you for answering. When you set a firewall rule, for example on the LAN interface, you would expect the rule to be bound to that interface and show up as such in the state table, right? On pfSense this is the case; has this behaviour changed in OPNsense?

I use it quite a lot in pfSense, for example when setting up policy-based routing; you can easily see where it goes wrong if it does.

Thanks.