1.2.3RC1: Filtering rules on OpenVPN interface
-
Hello,
I've established a PKI-Based OpenVPN Site-To-Site Tunnel between two locations without any hassle.
Having upgraded to 1.2.3-RC1, I'm trying to add firewall rules on the tun0 interface
that I added in 'Interfaces'.I've disabled 'Disabled all auto-added VPN rules' in 'System->Advanced'.
My new rule also appears when using 'pfctl -sr | grep tun0'
(block drop in quick on tun0 inet proto icmp all label "prohibit ping")Why can I still ping fom the 'client' to the OpenVPN Server?
Do I need to restart the tunnel, when rules change?It does seem that no rule is honored on tun0, I do not understand why that is the case.
Also, I did not find a clear answer in this forum.I'd appreciate any help, thanks a lot,
- Karl
-
It seems it simply takes a minute or two for the rule to apply but it does work.
Is this lag plausible?
(I'm using soekris 5501 boxes with HW Crypto) -
Did you clear the statetable after changing the rules?
Also it can take some time for the rules to reload.
(click on the "monitor" link after pressing the "apply rules" button to see when the rules are completely reloaded.) -
i think it simply it takes a while to reload the ruleset, i used monitoring.
thanks.