Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Started ignoring rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Started ignoring rules (Read 1013 times)
bazbaz
Jr. Member
Posts: 53
Karma: 2
Started ignoring rules
«
on:
March 13, 2024, 05:19:51 pm »
I've a firewall that was working until today (when I updated from 24.1.2 to 24.1.3, but maybe the problem has started before the upgrade), that now is not applying rules as expected.
I can see in the log that packets are dropped because "Default deny / state violation rule", but rules that allow that kind of packet are loaded (and they are working until yesterday).
I've this problem both on rules with SNAT (for example to connect to HTTPS), and without any NAT (for example simple "routing" from client in a network to AD servers in an other).
Tried to restart firewall service, and also all appliance but nothing
This is an hell: something can help me?
thanks
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: Started ignoring rules
«
Reply #1 on:
March 13, 2024, 05:26:03 pm »
Please post parts of the log that show the "Default deny / state violation rule" hit and the firewall rule that should allow the traffic instead.
Complete with interfaces and IP addresses, please.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
bazbaz
Jr. Member
Posts: 53
Karma: 2
Re: Started ignoring rules
«
Reply #2 on:
March 13, 2024, 05:31:48 pm »
for example:
F03LAN 2024-03-13T17:27:39 10.77.67.3:54052 52.20.40.101:443 tcp Default deny / state violation rule
F03LAN 2024-03-13T17:27:15 10.77.67.3:56432 34.149.211.227:443 tcp Default deny / state violation rule
and attached rules for F03LAN. The first is a bypass I added to avoid the problem (that is not working) and the last the rule I aspect that will allow the flow of above blocked logs.
The F03LAN address is 10.77.67.1/26
«
Last Edit: March 13, 2024, 05:33:34 pm by bazbaz
»
Logged
Patrick M. Hausen
Hero Member
Posts: 6799
Karma: 571
Re: Started ignoring rules
«
Reply #3 on:
March 13, 2024, 05:38:34 pm »
Can you show the TCP flags of the log entry?
Looks right to me - your rule should allow outbound access to ports 80 and 443.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
bazbaz
Jr. Member
Posts: 53
Karma: 2
Re: Started ignoring rules
«
Reply #4 on:
March 13, 2024, 05:41:04 pm »
sometimes
tcpflags RA
sometime only A
Logged
zan
Full Member
Posts: 175
Karma: 31
Re: Started ignoring rules
«
Reply #5 on:
March 14, 2024, 03:38:34 am »
Quote from: bazbaz on March 13, 2024, 05:41:04 pm
sometimes
tcpflags RA
sometime only A
Yea those are out-of-state packets. As long as they are not 'S' they are harmless.
See this for explanation:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html
You may want to experiment with Firewall>Settings>Firewall Optimization setting to suit your network.
Logged
bazbaz
Jr. Member
Posts: 53
Karma: 2
Re: Started ignoring rules
«
Reply #6 on:
March 21, 2024, 05:42:25 pm »
Maybe it's something similar, but I cannot explain nor fix
The first and the second server are in two subnets connected to this OPNSense. Direct and quick connection, no alternate route available.
Also tried to put the firewall in conservative
Also checking "Disable all packet filtering. " seems not solving problems
take a look to attached firewall log
«
Last Edit: March 21, 2024, 05:48:39 pm by bazbaz
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Started ignoring rules