Alias firewall block rule not blocked!
-
@mrsunfire said in Alias firewall block rule not blocked!:
igb4 udp 47.91.90.222:32100 <- 192.168.1.17:10085 MULTIPLE:MULTIPLE
age 00:23:35, expires in 00:00:48, 45:41 pkts, 3200:1680 bytes, rule 182
id: 000000005cd295e5 creatorid: d0585f4d@182(1417115627) pass in quick on igb4 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Allow ALL IPv4"
[ Evaluations: 2225 Packets: 471566 Bytes: 563093528 States: 42 ]
[ Inserted: pid 41920 State Creations: 1750 ]Was not blocked. I still maintain you are confused. I have no idea what state things are in, what should be blocked and what is or isn't because you keep saying you are restoring configs, etc. Stick with ONE configuration, detail exactly what you think should or should not be happening, don't click around trying to fix it, and we might be able to find out where the misconfiguration is.
-
The 182 is the LAN to WAN allow any:any rule.
-
Yeah I know.
-
I‘m still at the same config. Now I rebooted and it works again. I will try to reboot and see if the problem reappears.
-
Remember that the block rule was above the 182. I don‘t get it why that rule passes for that host.
-
Was it? I would need to see it in the current active rule set at the time the state was created.
-
Dude stop rebooting and restoring old configs and work with what is there and can find out what you have misconfigured..
-
Well I did that because I want to find out what was the problem with the old config. Right now it works. Maybe after next boot it's not working anymore. I don't know.
-
@mrsunfire said in Alias firewall block rule not blocked!:
Maybe after next boot it's not working anymore. I don't know.
nonesense.. Unless you change freaking your confings around again.... Or you have problems with the rules loading? in general? Or you have delay in aliases working.. But if your putting in IP vs fqdn there should be no delay like resolving them.. that could maybe cause a problem.
But if your trying to figure out what is allowing something out you have to work with current rules and states, and don't reboot in the middle, etc.
-
Thats the actual state:
And nothin in pfTop. How it should be. But it's the same as the old config. Thats what confused me.
Netgate 6100 MAX
-
That is not a "STATE"
-
Well thats how it is right now. I only did a reboot to find out if this results in something and it looked like as you see above. Sometimes it was not working, after next reboot it was.
-
That is not a state, that is just your firewall rule and and what is in the alias... A "state" would be in your "state table" jimp already went over in great detail how to track down which rule created a specific state that could be allowing traffic through... If traffic is blocked then no states would be created..
-
@mrsunfire said in Alias firewall block rule not blocked!:
Thats the actual state:
And nothin in pfTop. How it should be. But it's the same as the old config. Thats what confused me.
Are these all of the rules defined on the interface? Are we looking at only a partial screen shot? What is the full text of that rule at the top (the one withi PROTO "any" and SRC "any")? The pop-up tooltip window is obscuring the rest of the rule. That rule, at least what appears in the screen, would allow all traffic and thus your block rules never get evaluated.
-
That's all, nothing special.
-
I now again recovered my old config from that date before I created this thread and everything works fine. I can't get it do not work anymore. And yes, I saved my config before I started to try anything last month.
