NEW WAN port has anti-lockout firewall rule, Why?
-
-
So how do I fix it? Any suggestions?
-
@sawilson Deleting the interface completely and re-creating it is the most effective way to remove the rule...
-
Also there's a System menu setting for it.
-
@sawilson said in NEW WAN port has anti-lockout firewall rule, Why?:
add my own entries for anti-lockout and check the box to stop the auto entries, which is doable but I wonder if it will pick up and delete this problem item
You can definitely create your own rules. I was going to suggest unchecking the system setting box, and checking it again, to see if it moves. Interesting though, on that screen it specifically mentions LAN, and you do not have an interface named LAN, correct?
The 60 K on the rule indicates some traffic has matched the rule.
-
Ryan,
Tried deleting the interface and re-adding it. The entries come back.
As far as the system setting, as I previously asked, one idea I had was to add my own entries for anti-lockout and check the system box to stop the auto entries, which is doable but I wonder if it will pick up and delete this problem item on a WAN port (the description for the entry only speaks of LAN ports). Maybe I'd have to change it back to LAN temporarily????
S.
-
Steve,
The system setting is unchecked to create the entries and checked to stop it. LAN, as I understand it, is the type of interface rather than the name. It should obviously ONLY create this auto entry for LAN and never for WAN. This interface was LAN but now is WAN, but these anti-lockout firewall entries seem to be "sticky", there even after deleting and reconfiguring the interface.
I'm leaning towards creating my own entries and checking the box to see if that fixes it.
S.
-
@sawilson said in NEW WAN port has anti-lockout firewall rule, Why?:
The entries come back.
@rcoleman-netgate said in NEW WAN port has anti-lockout firewall rule, Why?:
Also there's a System menu setting for it.
-
@sawilson Sorry if I wrote it backwards. I meant, toggle it the other way, then back again.
It doesn't create them for all LANs (interfaces without a gateway), for example our office doesn't have it for our lab network. So it might actually be tied to the name LAN...? (edit: or in your case what was LAN, if it saved the interface the first time around)
-
Steve and to All,
Steve: I see what you're saying, I have 4 "LAN" ports and it only added the rule to one, maybe it just does it during the install to the default LAN port. I guess the idea of the auto entry is to make sure you have access to configure initially and the rest is up to you.
I actually had added my own pass entries previously, so I just ticked the box in system and Voila! they went away.
Thanks everyone for your help and suggestions,
Scott