Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Is this on purpose????
« previous
next »
Print
Pages: [
1
]
Author
Topic: Is this on purpose???? (Read 4333 times)
OBOne
Newbie
Posts: 1
Karma: 0
Is this on purpose????
«
on:
November 16, 2016, 04:32:17 pm »
I am new to this project and i am correctly testing this release.
Versions OPNsense 16.7.8-amd64
FreeBSD 10.3-RELEASE-p11
OpenSSL 1.0.2j 26 Sep 2016
One thing i have found is if i ping 8.8.8.8 and i make a rule that blocks all ICMP and apply it, it still pings without problems?!?!?!? but if i kill the session on the client pc at try again it can't ping as expected!
Q: When i apply a rule like this should-en it KILL all sessions right away?
Regards
Martin
Logged
Phazor
Newbie
Posts: 1
Karma: 1
Re: Is this on purpose????
«
Reply #1 on:
November 17, 2016, 05:35:07 pm »
If the connection is already active a rule change will not sever the connection until it is released and then attempted again. This is true of most all firewalls.
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Is this on purpose????
«
Reply #2 on:
November 17, 2016, 06:24:02 pm »
You can kill the states by resetting the state table if you like but this will break your active connections
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
16.7 Legacy Series
»
Is this on purpose????