Firewall rule for alias doesn't work until after reboot
-
So I've had this issue since the 2.4.x days. Now I'm on 2.5.0.
I have an alias in which I have some IP subnets. This alias is used as "source/allowed" in some NAT rules to allow connections from those IPs from the outside world.
Today I noticed I was getting hit on a certain port from an IP which was within one of the subnets in the alias. I went ahead and removed that subnet from the alias and applied changes; however, I kept getting hit from that one IP.
I monitored this for a good 30 min thinking maybe eventually it would start getting blocked, but it didn't. The firewall log showed the "let out anything from firewall host itself" entry for these hits, which I don't understand. Anyways, the IP only started getting blocked once I rebooted the FW. I have seen similar scenarios where I would update/add/remove IPs from the alias but it doesn't take effect until after a reboot. Shouldn't this work without having to reboot the whole firewall?
-
@alirz Existing states are not affected by a rule change. Go to Diagnostics - States, filter for the IP in question and then kill the states.
-
@kom I see. Good point. Thank you.
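The state-killing step kom describes, as an added example that is not part of the thread: it assumes a pfSense (FreeBSD) shell where pf's pfctl is available, filters `pfctl -ss` output for one IP, and kills that IP's states from the command line. The state lines and IP addresses are constructed samples, not from any real firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a pfSense/FreeBSD shell where pf's
# `pfctl` is available; the state lines and IPs below are constructed samples.

# Constructed sample of `pfctl -ss` output: two states from 198.51.100.25 and one
# from 192.0.2.7, all to the firewall's WAN address 203.0.113.10.
SAMPLE_STATES='all tcp 203.0.113.10:443 <- 198.51.100.25:51234 ESTABLISHED:ESTABLISHED
all udp 203.0.113.10:53 <- 192.0.2.7:40001 MULTIPLE:MULTIPLE
all tcp 203.0.113.10:22 <- 198.51.100.25:51300 ESTABLISHED:ESTABLISHED'

# Escape dots so the IP is matched literally in an extended regex.
escape_ip() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Read `pfctl -ss` output on stdin and print only the states in which the given IP
# appears as an endpoint. The IP must be followed by ":port" and a space, so
# 198.51.100.2 does not match 198.51.100.25.
states_for_ip() {
    re=$(escape_ip "$1")
    grep -E "(^| )${re}:[0-9]+ "
}

# Count matching states (0 when the IP holds none).
count_states_for_ip() {
    states_for_ip "$1" | wc -l | tr -d ' '
}

# Kill every state involving the IP: first those where it is the source, then
# those where it is the destination. This is the pfctl equivalent of filtering
# and killing in Diagnostics > States; a rule or alias change alone leaves these
# existing states alive, which is why traffic keeps flowing until they are gone.
kill_states_for_ip() {
    pfctl -k "$1" && pfctl -k 0.0.0.0/0 -k "$1"
}

# Stand-alone demo: use live pf if present, otherwise the constructed sample.
TARGET=198.51.100.25
if command -v pfctl >/dev/null 2>&1; then
    pfctl -ss | states_for_ip "$TARGET"
else
    printf '%s\n' "$SAMPLE_STATES" | states_for_ip "$TARGET"
fi
```

After confirming the listed states are the ones you expect, run `kill_states_for_ip 198.51.100.25` (as root on the firewall) and the now-removed alias entry is enforced on the next packet.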