[SOLVED] Firewall rule never working

Started by gert23, February 25, 2023, 08:40:45 PM

February 25, 2023, 08:40:45 PM Last Edit: February 26, 2023, 12:55:34 PM by AdSchellevis
Hi

I am a newbie with OPNsense.
I made an alias with the IP addresses of my IP cams.
They are all connected to a switch on LAN2.

I would like to prevent them from connecting to the internet.

What am I doing wrong? I had destination WLAN at first, but later any.

Best regards


Sent from my SM-G998B using Tapatalk


February 25, 2023, 10:11:15 PM #1 Last Edit: February 25, 2023, 10:15:21 PM by meyergru
Direction should be IN (from the LAN interface's perspective, the packets come in) and destination should probably be ANY, as WAN net is only one of the ISP's networks.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A

Unfortunately that didn't help.
I made an alias for a laptop to test it more easily than with the cams.
But still no internet block.





Forget these screenshots



Current situation
Still not working.





February 26, 2023, 12:03:14 PM #5 Last Edit: February 26, 2023, 12:20:00 PM by meyergru
In case your rules do not fire, you obviously have some rule(s) that are applied before those interface rules. You showed neither the automatic rules nor the NAT rules.

Also, there are sections that are applied before the "interface" rules:

Please look at https://docs.opnsense.org/manual/firewall.html first and take a look at the "processing order" section. The "system" and "floating" rules are applied before the interface rules, even groups are higher in priority than interfaces. If there is any "quick" rule that allows LAN traffic, it will fire first.

From scratch, there is a special "Allow All" rule ONLY for the LAN interface that has to be disabled (but then, you have to define something equivalent yourself). It is mentioned in here: https://www.sunnyvalley.io/docs/network-security-tutorials/how-to-configure-opnsense-firewall-rules

Also, heed this warning:

Quote
NAT rules are always processed before filter rules! So for example, if you define a NAT port forwarding rule without an associated rule, i.e. Filter rule association set to Pass, this has the consequence that no other rules will apply!

Creating firewall rules on OPNsense can be tricky for beginners; there are some guides out there that systematically show use cases like these:

https://www.sunnyvalley.io/docs/network-security-tutorials/how-to-configure-opnsense-firewall-rules

https://homenetworkguy.com/how-to/firewall-rules-cheat-sheet/

Hi,

I received the device second hand, but he said it was freshly installed.
But there is a floating rule that I cannot explain.



Quote from: gert23 on February 26, 2023, 12:34:10 PM
Hi,

I received the device second hand, but he said it was freshly installed.
But there is a floating rule that I cannot explain.

That rule lets anything through from the LAN to (and also from) anywhere and as such, is very unsafe.

I think this did the trick.
Even the connection to 192.168.0.1 didn't work anymore with the 4 rules.

Quote from: meyergru on February 26, 2023, 12:40:07 PM
Quote from: gert23 on February 26, 2023, 12:34:10 PM
Hi,

I received the device second hand, but he said it was freshly installed.
But there is a floating rule that I cannot explain.

That rule lets anything through from the LAN to (and also from) anywhere and as such, is very unsafe.
I don't know where this came from :-)



Disabling that floating rule did the trick. Finally it reacts to my rules, and I see the traffic in Live View.
Thanks.
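To make the processing-order point from meyergru's post concrete, together with the side effect gert23 hit afterwards (with the block rule in place the cams could no longer reach 192.168.0.1 either), here is an added example. It is not code from the thread or from OPNsense; it is a small Python model of how pf walks the rule sections OPNsense generates: floating, then group, then interface rules, last match wins unless a matching rule is "quick", and no match falls through to the default deny. The addresses, the "ipcams" alias members and the rule labels are constructed, and the "pass ipcams to LAN net" rule in the last scenario is my suggestion, not something anyone in the thread posted.

```python
"""Toy model of how pf evaluates the rule sections OPNsense generates.

Added example for this thread, not code from the posts or from OPNsense.
It models only what the thread needs: ordered rules, the 'quick' flag,
CIDR/alias matching, and the floating -> group -> interface ordering
described in the OPNsense "processing order" documentation.
All addresses, alias members and labels below are constructed.
"""
import ipaddress
from dataclasses import dataclass, replace

SECTION_ORDER = {"floating": 0, "group": 1, "interface": 2}


@dataclass(frozen=True)
class Rule:
    section: str          # "floating", "group" or "interface"
    action: str           # "pass" or "block"
    quick: bool           # OPNsense sets 'quick' on GUI rules by default
    src: tuple            # CIDRs, or ("any",); an alias is several CIDRs
    dst: tuple
    label: str
    enabled: bool = True


def matches(spec, ip):
    """True if ip falls inside any network listed in spec."""
    if "any" in spec:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in spec)


def evaluate(rules, src_ip, dst_ip):
    """Return (action, label) of the rule that decides this packet.

    pf walks rules in order and the *last* match wins, unless a matching
    rule carries 'quick', which ends evaluation immediately. Sections are
    walked floating, then group, then interface (sorted() is stable, so
    the order within a section is preserved). No match at all means the
    OPNsense default deny.
    """
    ordered = sorted((r for r in rules if r.enabled),
                     key=lambda r: SECTION_ORDER[r.section])
    decision = ("block", "default deny")
    for r in ordered:
        if matches(r.src, src_ip) and matches(r.dst, dst_ip):
            decision = (r.action, r.label)
            if r.quick:
                break
    return decision


# Constructed topology: LAN is 192.168.0.0/24, two cameras in an alias.
LAN_NET = ("192.168.0.0/24",)
IPCAMS = ("192.168.0.50/32", "192.168.0.51/32")   # alias 'ipcams'
ANY = ("any",)

# The unexplained floating rule from the thread: pass quick, LAN net -> any.
FLOATING_ALLOW = Rule("floating", "pass", True, LAN_NET, ANY,
                      "floating: pass LAN net to any")
# The rule the poster wanted to fire, on the LAN interface, direction IN.
BLOCK_CAMS = Rule("interface", "block", True, IPCAMS, ANY,
                  "LAN: block ipcams to any")
# OPNsense's stock "Default allow LAN to any" rule.
DEFAULT_ALLOW = Rule("interface", "pass", True, LAN_NET, ANY,
                     "LAN: default allow LAN to any")
# Suggested fix for the caveat seen in the thread: with dst 'any' the block
# also cuts the cams off from the firewall itself, so a pass rule to LAN net
# has to sit *above* the block rule on the same interface.
PASS_CAMS_LOCAL = Rule("interface", "pass", True, IPCAMS, LAN_NET,
                       "LAN: pass ipcams to LAN net")

AS_FOUND = [FLOATING_ALLOW, BLOCK_CAMS, DEFAULT_ALLOW]
FLOATING_DISABLED = [replace(FLOATING_ALLOW, enabled=False),
                     BLOCK_CAMS, DEFAULT_ALLOW]
WITH_LOCAL_PASS = [PASS_CAMS_LOCAL, BLOCK_CAMS, DEFAULT_ALLOW]

if __name__ == "__main__":
    scenarios = (("as found", AS_FOUND),
                 ("floating disabled", FLOATING_DISABLED),
                 ("with local pass", WITH_LOCAL_PASS))
    packets = (("192.168.0.50", "8.8.8.8"),        # cam -> internet
               ("192.168.0.50", "192.168.0.1"),    # cam -> firewall
               ("192.168.0.20", "8.8.8.8"))        # laptop -> internet
    for name, rules in scenarios:
        for src, dst in packets:
            print(f"{name:18} {src} -> {dst}: {evaluate(rules, src, dst)}")
```

Running it shows the three states of the thread in order: with the floating pass rule enabled the cams' packets never reach the interface section, so the block rule cannot log anything; with it disabled the block fires, but because its destination is "any" it also catches traffic to 192.168.0.1; a pass rule to LAN net placed above the block restores local access while still blocking the internet. On a real box the generated ruleset can be listed in evaluation order with `pfctl -vvsr`, and Firewall: Log Files: Live View shows which rule's label actually matched.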