Floating rule issues

Started by jclendineng, May 20, 2022, 04:21:15 AM

I posted on a couple of other threads regarding Default deny/state violations in the logs. On a related note, I have floating rules for certain items, but it was my understanding that interface rules applied after floating. I'm blocking a lot of IGMP traffic and had to make a new floating rule to allow IGMP on all interfaces. This shouldn't be required... floating rules are applied prior to interface rules, so if there are default deny rules in the floating rules they will take precedence over the allow-alls I have on each interface... I'm also seeing blocked traffic to certain servers from a reverse proxy. All other traffic from that proxy is allowed, so I'm not sure why/where the default deny is happening.


I get that part, I guess my question is more along the lines of why, then, do the Floating rules have a default deny all at the top? Wouldn't that logically mean that all the Default deny / state violation rules I'm seeing are from the "System Defined" rule in floating? Some are tagged DF, that's fine, I get that is blocked unless I manually change it in FW settings, but what about all the traffic blocked that does not have any tags? There isn't really any visibility into why it's being dropped except that it's a state violation of some sort, making it hard to diagnose new drops.