Something created an unexpected LAN firewall rule...??
-
My client's users have been complaining they could not get to the Oregon.Gov domain's various websites. TCPdump showed traffic hitting the firewall, but not emerging from it. I found an unexpected block on the principal Oregon.Gov net (99.86.38.*) in the LAN firewall. I'm the only one with admin password on the firewall, and I did not knowingly create the rule.
Seeking to understand if this is in general (1) an expected behavior and (2) how would one best prevent this from happening in the future?
Netgate 6100, 23.01-RELEASE (amd64), 58 days since installation. One non-base package: "openVPN Client Export" which I installed, three others which apparently auto-installed: aws-wizard, netgate firmware upgrade, ipsec profile wizard.
(Probably unrelated, or not: there are ongoing random complaints about other sites suddenly not being reachable; still trying to pin those down, as they are reachable from other computers in the building on another network using another cable modem configured the same as this network...)
-
@samvause said in Something created an unexpected LAN firewall rule...??:
I'm the only one with admin password on the firewall, and I did not knowingly create the rule.
You can click edit for the rule and see at the bottom when it was made and by whom
Go to Diagnostics->Backup and Restore and click on the Config History tab.
If it was made in the last 30 changes it will be in the revision history.
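The same "when and by whom" check can be run offline against a downloaded config.xml backup. This is an added example, not part of the original post: it assumes filter rules carry created/updated elements holding a time (epoch seconds) and a username, and the sample config, function names and addresses are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample shaped like a pfSense config.xml backup (assumed layout).
SAMPLE_CONFIG = """<pfsense><filter>
  <rule><type>block</type><interface>lan</interface>
    <destination><address>99.86.38.0/24</address></destination>
    <descr>constructed example rule</descr>
    <created><time>1700000000</time>
      <username>admin@192.168.1.50 (Local Database)</username></created></rule>
  <rule><type>pass</type><interface>lan</interface>
    <destination><any/></destination>
    <descr>Default allow LAN to any rule</descr></rule>
</filter></pfsense>"""

def stamp(rule, tag):
    """Format a <created>/<updated> element as 'time UTC by user', or None."""
    node = rule.find(tag)
    if node is None or not node.findtext("time"):
        return None
    when = datetime.fromtimestamp(int(node.findtext("time")), tz=timezone.utc)
    return f"{when:%Y-%m-%d %H:%M} UTC by {node.findtext('username', 'unknown')}"

def blocking_rules(config_xml, target_ip):
    """Return enabled block/reject rules whose destination covers target_ip."""
    target = ipaddress.ip_address(target_ip)
    hits = []
    for rule in ET.fromstring(config_xml).iterfind("./filter/rule"):
        if (rule.findtext("type") not in ("block", "reject")
                or rule.find("disabled") is not None):
            continue
        dest = rule.findtext("destination/address")
        try:
            covered = rule.find("destination/any") is not None or (
                dest is not None and target in ipaddress.ip_network(dest, strict=False))
        except ValueError:
            covered = False  # alias or hostname, not a literal network: review by hand
        if covered:
            hits.append({"descr": rule.findtext("descr", ""),
                         "destination": dest or "any",
                         "created": stamp(rule, "created"),
                         "updated": stamp(rule, "updated")})
    return hits

if __name__ == "__main__":
    for hit in blocking_rules(SAMPLE_CONFIG, "99.86.38.10"):
        print(hit)
```

Rules whose destination is an alias are skipped by this sketch and still need to be checked in the GUI.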
-
@rcoleman-netgate, very much appreciate you teaching me something new. I tried to click both Old/New buttons and then Diff on the previous Firewall Rules changes (3/29 PM when I was making changes according to my notes), but the Diff function returns nothing.
I noticed an additional anomaly: the current configuration - reflecting the changed firewall rules - does not appear to allow a return to the prior settings:
This is a bummer as I was hoping to check out any comments embedded in that specific rule - there was quite the rush to delete it and restore URL access to the state as that affects my client's funding.
-
@samvause said in Something created an unexpected LAN firewall rule...??:
reflecting the changed firewall rules - does not appear to allow a return to the prior settings:
Look on the line below it for this:
-
@rcoleman-netgate, again thank you. Worked perfectly, restored the rule, and promptly disabled it. My client-office workstation is shown as the source of the change, and my notes indicate at that time I was working on blocking TikTok using IP addresses. I remain clueless how I overtly blocked the State of Oregon (Oregon.Gov) but have to accept the fact that my actions caused it. Sigh. Perhaps should not work on firewall changes at 10:30pm mid-week.
Thank you, again, for your insightful responses!
-
@samvause said in Something created an unexpected LAN firewall rule...??:
Perhaps should not work on firewall changes at 10:30pm mid-week.
That's usually how it goes ;-)
Glad you got to the bottom of it!
-
@samvause If it was one IP there are ways to do that by mis-click such as the EasyRule icon:
...on the firewall log page. Not sure of a way to click-make a rule for an IP block though, offhand.
-
@steveits, thanks - it was an entire net address "99.86.38.*" which is so weird.....
-
That subnet looks like an Amazon Web Services range, so there could be all sorts of websites in there !!