Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Automatically Generated Firewall Rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Automatically Generated Firewall Rules (Read 974 times)
Spiky_Gladiator
Newbie
Posts: 23
Karma: 0
Automatically Generated Firewall Rules
«
on:
January 08, 2023, 11:50:40 pm »
I have noticed that OPNSense automatically generates some firewall rules for a various interfaces like WAN, LAN and so on. The general rule for firewalls is to always go deny first then allow at the bottom. However, I have noticed that the automatically generated firewall rules usually go by allow first then deny at the bottom. I have tried to edit them to change the order in which they appear but you can't adjust them. Are there any reasons why the automatically generated rules go in the reverse order ?
Logged
Demusman
Sr. Member
Posts: 304
Karma: 13
Re: Automatically Generated Firewall Rules
«
Reply #1 on:
January 09, 2023, 12:05:41 am »
What firewall has an allow at the bottom? None i ever used.
there is always an explicit deny as last rule.
Logged
Koldnitz
Jr. Member
Posts: 84
Karma: 13
Re: Automatically Generated Firewall Rules
«
Reply #2 on:
January 09, 2023, 12:08:42 am »
Everything is denied unless explicitly allowed above the deny all rule (at bottom).
The rules are evaluated top to bottom.
In my rather painful experience those automatic rules should not be messed with ... if you do (and you are new at this) I guarantee you will be making a post asking how to get in when you are locked out of your box (assuming you are using the gui).
TLDR: If you put a deny all rule above any of the other rules ... it will be denied / never evaluated.
Cheers,
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
Automatically Generated Firewall Rules
