Legacy Rules Migration

Started by SMiTTY, February 06, 2026, 08:49:26 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 06, 2026, 08:49:26 PM
The migration worked for the most part, with one exception...My WAN2 interface rule didn't work.
I found Asymmetric routing where my external monitoring was coming in on my WAN2 and going back out on WAN1.

This worked in Legacy rules with a simple rule as follows :
 
Code Select
Interface: WAN2Xfinity

Direction: In

Protocol: any

Source: Monitoring_Alias

Destination: WAN2Xfinity

Gateway: Default

In the New rules section I had that same rule and that's when external pings started failing.
That is where I saw packets coming in WAN2 and out WAN1.


Anyhow, in order to get it to work I needed to set reply-to (Advanced-View) to the WAN2Xfinity interface.

Code Select
Interface: WAN2Xfinity

Direction: in

Action: Pass

Protocol: ICMP

Source: Monitoring_Alias

Destination: WAN2Xfinity

Reply-To : WAN2Xfinity
Other than that, all my other rules cut over just fine.
February 06, 2026, 09:44:34 PM #1
Quote from: SMiTTY on February 06, 2026, 08:49:26 PMThat is where I saw packets coming in WAN2 and out WAN1.

According to the docs OPNsense adds 'reply-to' by default on WAN rules for this reason:

https://docs.opnsense.org/manual/firewall_settings.html#disable-reply-to

I don't see anything in the 26.1 release notes indicating that this has changed.  Did you check the setting under Firewall->Settings->Advanced?
Print
Go Up Pages1
User actions