firewall allowing WAN to connect to Google DNS servers

Started by Inxsible, March 03, 2021, 07:18:05 AM

Quote: I am only allowing the DNS to the opnsense server.
No.
You allow all traffic by "allow iot to any rule". You can try to enable logging on this rule and check the logs.
Quote: Which brings me back to the question, why can't I disable/delete the auto-generated rules?
Why do you want to block the request when it is already trying to exit the WAN? Block on the ingress interface: just block DNS traffic from the IoT network to any except "this firewall".

Quote from: Fright on March 05, 2021, 07:03:42 AM
block on ingress interface: just block dns-traffic from iot-network to any except "this firewall"
I think the TS doesn't want to just block DNS requests to WAN. He wants all DNS requests to be resolved by Unbound, even if the devices have hardcoded DNS servers.
I am not an expert... just trying to help...

I found Google APIs Client Library for PHP as part of the package php82-google-api-php-client.
Could this also be the cause?

The "cause" of this was a misconfiguration on the firewall rules.