[SOLVED] Upgrade repository problem and firewall understanding

[Ludovik]

Hi All and thanks for the great software.

1)
I installed from scratch "OPNsense-16.1.8".
Then I upgraded it from the Webgui to "OPNsense 16.1.20" and everything seems ok, but when I clicked again on "Click to check for updates" button it return repository error.
I tried to go under System-Settings-General and click save, but it didn't work.
To fix it, I had to manually change /usr/local/etc/pkg/repos/origin.conf "${ABI}/16.7/latest" to "${ABI}/16.1/latest" so maybe there's something wrong on the upgrade package.

2)
Then I have another question. I checked all documentation and forum, but I didn't find the answer.
I need to know how firewall works on OPNsense. Usually I work with input-forward-output schema, but I'm unable to find forward chain on OPNsense, so I don't know how to control forwarded traffic.

3)
I didn't find how to manage ESTABLISHED and RELATED connections, is there some more specific documentation will all these information?

Thanks a lot in advance.
Ludovik.

[fabian]

1) See https://forum.opnsense.org/index.php?topic=3399.0
2) There is no forward chain - pf rules can be invoked when a packet is received (IN) or sent (OUT) by an interface. Forward traffic hits the firewall twice: once it is received and once it is sent out to the next router / host. The GUI of OPNsense creates only rules for incoming traffic.
3)  https://www.openbsd.org/faq/pf/filter.html if you need additional information.