Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
(Moderator:
fabian
) »
Default / Hidden rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Default / Hidden rules (Read 1455 times)
southman
Newbie
Posts: 4
Karma: 0
Default / Hidden rules
«
on:
July 09, 2016, 03:04:30 pm »
Where/how can I view (show) the default/hidden rules? I have searched high and low. Am I missing it?
-M
Logged
.....it's a dirty job but someone said I had to do it...
-M
phoenix
Sr. Member
Posts: 430
Karma: 50
Re: Default / Hidden rules
«
Reply #1 on:
July 09, 2016, 04:37:23 pm »
Which hidden rules are you talking about and how do you know about them if they're hidden?
Surely all the rules are listed on each of the relevant UI pages (including the disabled ones) or am I missing something?
Logged
Regards
Bill
southman
Newbie
Posts: 4
Karma: 0
Re: Default / Hidden rules
«
Reply #2 on:
July 09, 2016, 08:05:17 pm »
Because it's s fork.....| | |
|_|_|
|
|
|
-M
Logged
.....it's a dirty job but someone said I had to do it...
-M
weust
Hero Member
Posts: 597
Karma: 55
Re: Default / Hidden rules
«
Reply #3 on:
July 09, 2016, 10:09:48 pm »
Wut?
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
southman
Newbie
Posts: 4
Karma: 0
Re: Default / Hidden rules
«
Reply #4 on:
July 09, 2016, 10:33:20 pm »
What are the "hidden rules" installed when the "default settings are applied" ? Doesn't a "default" install of OPNsense default install with "default/hidden" rules?
If it does, what is that rule set, and how/where can I view them?
«
Last Edit: July 09, 2016, 10:50:44 pm by southman
»
Logged
.....it's a dirty job but someone said I had to do it...
-M
weust
Hero Member
Posts: 597
Karma: 55
Re: Default / Hidden rules
«
Reply #5 on:
July 09, 2016, 11:37:55 pm »
No idea, but why would it have hidden rules and which kind of rules would these be?
You seem to have the idea there are hidden rules in all firewall/routers?
Logged
Hobbyist at home, sysadmin at work. Sometimes the first is mixed with the second.
southman
Newbie
Posts: 4
Karma: 0
Re: Default / Hidden rules
«
Reply #6 on:
July 10, 2016, 12:56:22 am »
I am not looking to pick a fight here. It's really pretty simple, opnsense either uses hidden/default rules or it doesn't (neither good or bad). For my own personal edification, it is something I would like to know.
It is not uncommon for firewalls to use this type of architecture. Since opnsense is a fork of pfsense it would make sense that was carries over into opnsense.
All I am asking for is a simple confirmation or denial, and if they are using default/hidden rules, what are they?
Logged
.....it's a dirty job but someone said I had to do it...
-M
AdSchellevis
Administrator
Hero Member
Posts: 566
Karma: 110
Re: Default / Hidden rules
«
Reply #7 on:
July 10, 2016, 02:30:40 pm »
Hi,
Yes, there are default rules which are not visible in the UI, the source of the defaults is filter.inc (
https://github.com/opnsense/core/blob/master/src/etc/inc/filter.inc
).
Eventually we are going to restructure the auto-generated rules to make these defaults visible and simply our filter generation (
https://github.com/opnsense/core/issues/993
), which will very likely mature in our 17.1 release.
The easiest way to inspect which rules are actually generated for your setup (some rules are optional) is to read the /tmp/rules.debug file.
Best regards,
Ad
Logged
mibtac
Newbie
Posts: 7
Karma: 1
Re: Default / Hidden rules
«
Reply #8 on:
July 12, 2016, 05:34:49 am »
You can also simply go to the shell and use the PF tools to inspect the rules in detail. For example, pfctl -sr will show you the currently loaded rules. The rules in PF are quite a bit easier to read than, say, in Linux iptables.
This is one big advantage of an open solution: You can dig as deep as you like and see exactly what's going on.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
(Moderator:
fabian
) »
Default / Hidden rules