Author Topic: default deny rule not working on port 443 (Read 1238 times)

MiRei · « **on:** March 23, 2022, 03:17:57 pm »

With our installation of OPNSense 22.1.3 and 21.7.8, the automatic default deny rule did not work for port 443 any longer. The following entries appear in the LOG:

VL905 -> 2022-03-23T15:05:47 sourceip:54611 targetip:80 tcp Default deny rule
WAN <- 2022-03-23T15:05:44 sourceip:54612 targetip:443 tcp let out anything from firewall host itself

If you set up a new interface, a device can access to the internet via port 443 in this network, even though no FW rules have been created for it.
Does anyone have any idea what the reason for this could be?

Thanks, MiRei

MiRei · « **Reply #1 on:** March 24, 2022, 08:05:05 am »

Even if I add a block rule to "any" in the ruleset of the network,
communication via port 443 is possible.
There is no manual floating rules that allows port 443.

Patrick M. Hausen · « **Reply #2 on:** March 24, 2022, 10:18:01 am »

You can do a `pfctl -s rules` on the shell, then investigate from there.

MiRei · « **Reply #3 on:** March 24, 2022, 12:18:14 pm »

In the livelog I can find the rid (fae559338f65e11c53669fc3642c93c2) that lets 443 through.

On the console I'll get:
pfctl -sr | grep fae559338f65e11c53669fc3642c93c2

the following output:
pass out log all flags S/SA keep state allow-opts label "fae559338f65e11c53669fc3642c93c2"

Unfortunately, this doesn't really help me.

Author Topic: default deny rule not working on port 443 (Read 1238 times)

MiRei

default deny rule not working on port 443

MiRei

Re: default deny rule not working on port 443

Patrick M. Hausen

Re: default deny rule not working on port 443

MiRei

Re: default deny rule not working on port 443