Topic: default deny rule not working on port 443 (Read 1245 times)
MiRei
Posted on March 23, 2022, 03:17:57 pm
With our installation of OPNsense 22.1.3 and 21.7.8, the automatic default deny rule no longer works for port 443. The following entries appear in the log:
VL905 -> 2022-03-23T15:05:47 sourceip:54611 targetip:80 tcp Default deny rule
WAN <- 2022-03-23T15:05:44 sourceip:54612 targetip:443 tcp let out anything from firewall host itself
If you set up a new interface, a device on this network can access the internet via port 443, even though no firewall rules have been created for it.
Does anyone have any idea what the reason for this could be?
Thanks, MiRei
MiRei
Reply #1, March 24, 2022, 08:05:05 am
Even if I add a block rule to "any" in the ruleset of the network, communication via port 443 is still possible.
There are no manual floating rules that allow port 443.
Patrick M. Hausen
Reply #2, March 24, 2022, 10:18:01 am
You can do a `pfctl -s rules` on the shell, then investigate from there.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
MiRei
Reply #3, March 24, 2022, 12:18:14 pm
In the live log I can find the rid (fae559338f65e11c53669fc3642c93c2) that lets 443 through.
On the console, `pfctl -sr | grep fae559338f65e11c53669fc3642c93c2` gives the following output:
pass out log all flags S/SA keep state allow-opts label "fae559338f65e11c53669fc3642c93c2"
Unfortunately, this doesn't really help me.
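As an added illustration of Patrick's suggestion to investigate with `pfctl`, not code from the thread or from OPNsense: the script below takes `pfctl -sr`-style output, looks up a rule by the label that the live log shows as the rid, and summarises its action, direction and interface. The ruleset text is a constructed sample; the `pass out log all ...` line is the rule MiRei posted, while the other two rules and their labels are made up for the example. In pf syntax a rule without an `on <interface>` qualifier applies on every interface, which the summary reports as `any`.

```shell
#!/bin/sh
# Added example, not from the thread or from OPNsense: look up a pf rule by
# its label (the "rid" shown in the OPNsense live log) and summarise it.
# SAMPLE_RULES is constructed `pfctl -sr`-style output; only the second line
# is the rule actually posted in the thread, the other two rules (and their
# labels) are made up. On a real box feed it live output instead:
#   pfctl -sr | find_rule_by_label "$rid"

SAMPLE_RULES='block drop in log on vlan0 all label "deadbeef00000000deadbeef00000000"
pass out log all flags S/SA keep state allow-opts label "fae559338f65e11c53669fc3642c93c2"
pass in log quick on vlan0 inet proto tcp from any to any port = 22 flags S/SA keep state label "0123456789abcdef0123456789abcdef"'

# Print the rule line(s) carrying the given label. Reads a ruleset on stdin.
find_rule_by_label() {
    grep -F "label \"$1\""
}

# Reduce one rule line to "<action> <direction> <interface>".
# pf applies a rule with no "on <ifname>" qualifier on every interface, so
# the summary reports the interface as "any" in that case.
rule_summary() {
    printf '%s\n' "$1" | awk '{
        dir = "?"; iface = "any"
        for (i = 1; i <= NF; i++) {
            if (dir == "?" && ($i == "in" || $i == "out")) dir = $i
            if ($i == "on" && i < NF) iface = $(i + 1)
        }
        print $1, dir, iface
    }'
}

# Look up a label in SAMPLE_RULES and print its summary; fails if not found.
lookup() {
    rule=$(printf '%s\n' "$SAMPLE_RULES" | find_rule_by_label "$1" || true)
    if [ -z "$rule" ]; then
        echo "no rule with label $1" >&2
        return 1
    fi
    rule_summary "$rule"
}

# The rid from the live log resolves to an outbound pass rule on any interface.
lookup fae559338f65e11c53669fc3642c93c2
```

On a live OPNsense box, `pfctl -vvsr` prints the same ruleset with `@N` rule numbers and per-rule evaluation, packet and state counters, and `pfctl -s labels` lists counters per label, so the label found in the live log can be checked against the rule that is actually matching traffic.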