Topic: Automatic F/W rule installed for CARP, when CARP is admin disabled (Read 152 times)
hharry
Newbie
Posts: 4
Karma: 0
Automatic F/W rule installed for CARP, when CARP is admin disabled
« on: December 02, 2024, 11:37:55 pm »
It seems that an automatic IPv4 CARP rule is applied when CARP is administratively disabled.
Can this be tidied up, such that when CARP is admin disabled, the automatic rules are removed...
« Last Edit: December 02, 2024, 11:46:12 pm by hharry »
Patrick M. Hausen
Hero Member
Posts: 6925
Karma: 583
Re: Automatic F/W rule installed for CARP, when CARP is admin disabled
« Reply #1 on: December 02, 2024, 11:46:44 pm »
They do not open any attack vector, so why?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
hharry
Newbie
Posts: 4
Karma: 0
Re: Automatic F/W rule installed for CARP, when CARP is admin disabled
« Reply #2 on: December 02, 2024, 11:49:01 pm »
The mere fact that the rule is installed, and enabled, when CARP is admin disabled is sloppy in itself... needs to be cleaned up....
It should be a simple trivial fix, so why do you need to debate a useless point?
Patrick M. Hausen
Hero Member
Posts: 6925
Karma: 583
Re: Automatic F/W rule installed for CARP, when CARP is admin disabled
« Reply #3 on: December 02, 2024, 11:51:27 pm »
Sorry, but I disagree. It's perfectly feasible to have a set of static "always active" rules that provide fundamental functions even if these are not used. Like IPv6 neighbour discovery, IPv4 ARP, ...
There are bigger fish to fry in the firewall space.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
hharry
Newbie
Posts: 4
Karma: 0
Re: Automatic F/W rule installed for CARP, when CARP is admin disabled
« Reply #4 on: Today at 12:06:08 am »
And this type of response is why OPNsense can never be taken as a serious F/W....
mooh
Jr. Member
Posts: 99
Karma: 3
Re: Automatic F/W rule installed for CARP, when CARP is admin disabled
« Reply #5 on: Today at 01:00:39 pm »
Nothing kills security faster than complexity. Fewer rules are always better. So I agree with hharry. If a feature is off, the rules shouldn't be there. This is the same reason why I would like to see the policy routing rule set by "Disable force gateway" be disabled by default or removed entirely.