OPNsense Forum » Archive » 21.1 Legacy Series » Default deny rule started blocking things that it should not have
Topic: Default deny rule started blocking things that it should not have (Read 2146 times)
grimm26 (Newbie, Posts: 5, Karma: 0)
Default deny rule started blocking things that it should not have
« on: June 24, 2021, 05:52:16 pm »
I'm running 21.1.6 on bare metal, single wan interface.
I had an issue last week where I was experiencing what seemed like service brownouts for many websites/services. I couldn't complete a login to gmail. I stopped being able to see all of my photos in google photos and couldn't upload new ones. I checked google's status page, all green. After looking around my opnsense box, I noticed that the firewall was blocking a ton of stuff heading out to the internet with the default deny rule. All of this was working fine the previous day, but for some reason opnsense decided that certain IPs should be blocked by the default deny rule. I wasn't sure if there was some cache I could choose to clear or service I could restart, so I rebooted and everything went back to normal.
This happened right before I was leaving on a trip for a few days, so I just wanted it back to working. The filter logs seem to have rolled over, so I can't post a log of exactly what happened. Today I will set up sending logs to a server on my network.
Has anyone else experienced the firewall starting to block things with the default deny rule when it should not?
opn_nwo (Jr. Member, Posts: 70, Karma: 0)
Re: Default deny rule started blocking things that it should not have
« Reply #1 on: June 24, 2021, 06:40:00 pm »
Not quite the same, but I noticed that the default deny rule started logging some traffic with src and dest in the same VLAN/Subnet. That traffic should not pass through the FW/GW, but somehow it gets picked up. I'm not talking about broadcast stuff, just straight ip to ip in the same broadcast domain. I posted about it few days ago. I ended up creating an allow rule just to clean the logs. Bizarre for sure.
FarmServer (Newbie, Posts: 29, Karma: 3)
Re: Default deny rule started blocking things that it should not have
« Reply #2 on: June 24, 2021, 08:31:18 pm »
This happens to me sometimes and is really frustrating.
Going into the ARP section and flushing the table gets things to work again. Rebooting won't work.
I think somehow, a device will be assigned an address from DHCP, like 192.168.1.133, and then that computer will disconnect from the network and log back in. The DHCP server will give the device a new IP of 192.168.1.122 and will update the ARP table accordingly (viewed from the webgui), but traffic will be routed using the old IP even though nothing in the system is registered to that IP. The firewall sees this is a foreign/unregistered IP and blocks it.
So there is some sort of situation where traffic will get routed briefly based on some other identifier besides the IP assigned by DHCP. For the record, I am only using DHCP to assign IP addys to people on my wifi, and this only happens to users on my wifi. I am not using anything other than the stock configuration for adding devices to my network. My wifi is provided by access points that have static IP addresses assigned to them that aren't available to the DHCP range, and it will occur whether I have one AP or multiple ones (so I think it's not a roaming issue caused by the APs).
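A check for the stale-ARP-versus-DHCP mismatch described in the reply above, as an added example that is not code from the thread or from OPNsense: it parses constructed `arp -an` output (FreeBSD format) and a constructed ISC `dhcpd.leases` excerpt, and lists MACs whose ARP entry still carries an IP that differs from their active lease, which is the case a practitioner would want to spot before flushing the table.

```python
import re

# Constructed sample of `arp -an` output on FreeBSD/OPNsense (not from the thread).
ARP_OUTPUT = """\
? (192.168.1.133) at 00:11:22:33:44:55 on igb1 expires in 1180 seconds [ethernet]
? (192.168.1.50) at aa:bb:cc:dd:ee:01 on igb1 permanent [ethernet]
? (192.168.1.1) at 02:00:00:00:00:01 on igb1 permanent [ethernet]
"""

# Constructed excerpt of an ISC dhcpd.leases file: the old lease for the MAC
# has been released, the new one is active (the scenario from the reply).
LEASES = """\
lease 192.168.1.133 {
  starts 4 2021/06/24 15:00:00;
  ends 4 2021/06/24 17:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.122 {
  starts 4 2021/06/24 17:30:00;
  ends 4 2021/06/24 19:30:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop";
}
"""

ARP_RE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.I)
LEASE_RE = re.compile(r"lease (?P<ip>[\d.]+) \{(?P<body>.*?)\}", re.S)

def parse_arp(text):
    """Map MAC -> set of IPs currently present in the ARP table."""
    table = {}
    for m in ARP_RE.finditer(text):
        table.setdefault(m.group("mac").lower(), set()).add(m.group("ip"))
    return table

def parse_active_leases(text):
    """Map MAC -> IP for leases in 'binding state active' (later entries win,
    matching how dhcpd appends to the file)."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        body = m.group("body")
        mac = re.search(r"hardware ethernet ([0-9a-f:]{17});", body, re.I)
        if mac and "binding state active;" in body:
            leases[mac.group(1).lower()] = m.group("ip")
    return leases

def stale_arp_entries(arp_text, leases_text):
    """Return sorted [(mac, arp_ip, lease_ip)] where ARP and the active lease disagree."""
    arp, leases = parse_arp(arp_text), parse_active_leases(leases_text)
    return sorted((mac, ip, leases[mac]) for mac, ips in arp.items()
                  if mac in leases for ip in ips if ip != leases[mac])

if __name__ == "__main__":
    for mac, old, new in stale_arp_entries(ARP_OUTPUT, LEASES):
        print(f"{mac}: ARP still has {old}, active lease is {new}; clear with: arp -d {old}")
```

Static entries (the APs and gateway above) have no lease and are ignored, so only DHCP clients are reported.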