Autogenerated FW rule is misleading : let out anything from firewall host
Topic: Autogenerated FW rule is misleading : let out anything from firewall host (Read 1492 times)
toxic
Jr. Member
Posts: 72
Karma: 4
Autogenerated FW rule is misleading : let out anything from firewall host
« on: September 08, 2020, 09:55:48 pm »
Hello,
I just fail to understand the purpose of this rule...
In my logs, I see that ping (ICMP) traffic from 10.0.0.50 to 10.0.0.10 is listed as allowed by the rule "let out anything from firewall host". See attached screenshot for the firewall logs.
Attached you will also see that this "let out anything from firewall host" rule in the firewall tab does not look at all to be limited to "this firewall", as both source and dest are set to *
This firewall is not 10.0.0.50, nor is it 10.0.0.10... Why is it a match?
Now that I enabled all logs, I see that first my rule LAN to LAN does match as Pass and then this automatic rule matches.
My guess is that it's because these 2 hosts are actually on 2 physically distinct interfaces that I bridged together, so the packet gets a Pass when coming in, and again to be routed from one bridge member to another....
Am I right?
In any case, it was quite hard to understand this; with not all logs present it made no sense to me.
Sadly, I cannot disable the logging for this automatically generated rule...
10.0.0.1:57735 10.0.0.10:445
Logged
bobm
Newbie
Posts: 16
Karma: 0
Re: Autogenerated FW rule is misleading : let out anything from firewall host
« Reply #1 on: September 09, 2020, 12:03:31 am »
It seems we are looking for the same answers. One thing of note is that this rule is supposed (gray lightning bolt) to evaluate last, so I think it would be possible to add a custom rule negating it in whole or partially.
Logged
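Added example (not code from either poster, nor OPNsense or pf code): a small Python model of the two pf behaviours that both posts above touch on. First, pf walks the ruleset in order and the last matching rule decides, unless a matching rule is "quick", which ends evaluation immediately; second, a packet crossing a bridge is filtered twice, "in" on the member it arrives on and "out" on the member it leaves by, so a wide-open `pass out` rule with source * and destination * matches traffic that never originated on the firewall. The interface names `lan_a`/`lan_b`, the user "LAN to LAN" rule being quick, and the autogenerated rule being non-quick (bobm's reading of the gray lightning bolt) are assumptions for the demonstration; the last block shows that, under last-match semantics, a later non-quick rule overrides the wide-open one.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    iface: str       # interface the packet is currently being evaluated on
    direction: str   # "in" or "out"
    src: str
    dst: str
    proto: str


@dataclass
class Rule:
    action: str                   # "pass" or "block"
    direction: str                # "in", "out" or "any"
    label: str
    iface: Optional[str] = None   # None matches any interface
    src: Optional[str] = None     # None is the "*" shown in the GUI
    dst: Optional[str] = None
    proto: Optional[str] = None
    quick: bool = False           # quick: the first match ends evaluation

    def matches(self, pkt: Packet) -> bool:
        return (self.direction in ("any", pkt.direction)
                and self.iface in (None, pkt.iface)
                and self.src in (None, pkt.src)
                and self.dst in (None, pkt.dst)
                and self.proto in (None, pkt.proto))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, List[str]]:
    """pf semantics: walk the rules in order; the LAST matching rule decides,
    unless a matching rule is 'quick', which stops evaluation right there.
    Returns the final action and the labels of every rule that matched,
    i.e. what the log would show if every rule were logging."""
    winner: Optional[Rule] = None
    matched: List[str] = []
    for rule in rules:
        if rule.matches(pkt):
            matched.append(rule.label)
            winner = rule
            if rule.quick:
                break
    # RULES below starts with a catch-all block, so winner is never None for
    # the traffic modelled here; "block" is the conservative fallback anyway.
    return (winner.action if winner else "block"), matched


# Constructed ruleset (assumption): two bridge members lan_a and lan_b, a
# quick user rule on lan_a, and the wide-open autogenerated rule, non-quick.
LET_OUT = "let out anything from firewall host"
RULES = [
    Rule("block", "any", "default deny"),                          # non-quick catch-all
    Rule("pass", "in", "LAN to LAN", iface="lan_a", quick=True),   # user rule, quick
    Rule("pass", "out", LET_OUT),                                  # src *, dst *, not quick
]


def bridge_forward(rules: List[Rule], src: str, dst: str, proto: str,
                   in_if: str, out_if: str) -> list:
    """A packet crossing a bridge is filtered twice: 'in' on the member it
    arrives on and 'out' on the member it leaves by. Each phase is returned
    as (phase, interface, final_action, matched_labels)."""
    inbound = evaluate(rules, Packet(in_if, "in", src, dst, proto))
    if inbound[0] != "pass":
        return [("in", in_if) + inbound]          # dropped on the way in
    outbound = evaluate(rules, Packet(out_if, "out", src, dst, proto))
    return [("in", in_if) + inbound, ("out", out_if) + outbound]


if __name__ == "__main__":
    # The ICMP flow from the first post: passed by "LAN to LAN" on the way in,
    # then passed again by the autogenerated rule on the way out.
    for phase in bridge_forward(RULES, "10.0.0.50", "10.0.0.10", "icmp", "lan_a", "lan_b"):
        print(phase)
    # A later non-quick rule overrides the wide-open one (last match wins).
    override = RULES + [Rule("block", "out", "block icmp out on lan_b",
                             iface="lan_b", proto="icmp")]
    for phase in bridge_forward(override, "10.0.0.50", "10.0.0.10", "icmp", "lan_a", "lan_b"):
        print(phase)
```

The second run is the situation bobm describes: because the autogenerated rule is modelled as non-quick, a rule evaluated after it that also matches takes precedence, so the override only works if it really is ordered after the wide-open rule in the loaded ruleset.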