Firewall rules gets mixed up after a few minutes



  • Hi folks,

    This weird thing started happening today. The positions of the firewall rules started to get mixed up i.e. Rule #4 in position 4 gets to be in position 15 after a few minutes and after reloading the page. And I have not changed anything. I tried restoring the firewall rules from yesterday's backup and after about an hour the order has changed again. And there's a prompt for me to apply changes.

    Has anyone encountered this? Can someone please help.



  • Have you tried the obvious?
    Clear cache/cookies/private browser window/switch to Chrome/Firefox?
    The ultimate would be to try accessing it from a different device.

    And by any chance, is anyone else logging in at the same time?
    Changing passwords could fix this.



  • Yes. I cleared the cache. Upgraded from Firefox 70 to 71. And the only person that can log in is beside me. And we did change our passwords ...



  • Hey guys, just an update. I may have found out what's mixing the firewall rules. I took a look at the logs and the only package that updates the rules is the pfBlockerNG. I disabled the package and observed the rest of the night and until this morning and no changes were made to the firewall rules. I'm going to keep it disabled for a while or at least until the next package update.

    Thank you!



  • @noel-alanguilan said in Firewall rules gets mixed up after a few minutes:

    Hey guys, just an update. I may have found out what's mixing the firewall rules. I took a look at the logs and the only package that updates the rules is the pfBlockerNG. I disabled the package and observed the rest of the night and until this morning and no changes were made to the firewall rules. I'm going to keep it disabled for a while or at least until the next package update.

    Thank you!

    pfBlockerNG reorders your firewall rules as a feature of the package. I don't think that will change with an update. It's just the way that package operates so far as I know.



  • @bmeeks yes, pfBlockerNG does update the rules per active interface -- adds two rules at the top of each interface and leaves the rest alone. But I noticed that on one interface there are more rules than usual -- most are duplicates. When I disabled pfBlockerNG, the changes to the ordering of the rules stopped as well -- well, at least for a few hours. After I read your reply I checked the rules again and it's changed again...



  • @noel-alanguilan said in Firewall rules gets mixed up after a few minutes:

    @bmeeks yes, pfBlockerNG does update the rules per active interface -- adds two rules at the top of each interface and leaves the rest alone. But I noticed that on one interface there are more rules than usual -- most are duplicates. When I disabled pfBlockerNG, the changes to the ordering of the rules stopped as well -- well, at least for a few hours. After I read your reply I checked the rules again and it's changed again...

    I don't use the pfBlockerNG package, but I know the developer and he and I correspond from time to time discussing our supported packages (he does pfBlockerNG and I do Snort and Suricata). I believe pfBlockerNG will reorder the rules (potentially) each time it updates an IP list.

    Note -- by "reorder" I don't mean to imply that it will just randomize your rules. It will, though, put certain rules referencing any list aliases in preferred positions. That will likely have the effect of making some of your rules appear to be "moved" or reordered.



  • I do note that pfBlockerNG does not randomize the order of the rules. So it's weird what is causing this.



  • @netblues

    Under Firewall/pfBlockerNG/IP you can control how rules are sorted out.

    If you are using the default setting, pfBlocker will always change the rule order.



  • This is noted, and I will experiment with this in the next few days when most people in the office are on their Christmas break. Thank you!!!
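
Added example, not from any poster in this thread or from the pfBlockerNG project: one way to tell, from two configuration backups, whether rules only shifted because package rules were placed above them or whether your own rules changed relative order, and to surface duplicated rules like those mentioned above. The XML snapshots are constructed, and recognising package-managed rules by a `pfB_` description prefix is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def rule(tracker, iface, descr):
    return (f"<rule><tracker>{tracker}</tracker><interface>{iface}</interface>"
            f"<descr>{descr}</descr></rule>")

def config(rules):
    return "<pfsense><filter>" + "".join(rule(*r) for r in rules) + "</filter></pfsense>"

# Constructed snapshots shaped like the <filter><rule> entries of a config.xml backup.
BEFORE = config([("1001", "lan", "Allow DNS"), ("1002", "lan", "Block guest to servers"),
                 ("1003", "lan", "Allow LAN out"),
                 ("3001", "opt1", "Block DMZ to LAN"), ("3002", "opt1", "Allow DMZ out")])
AFTER = config([("9001", "lan", "pfB_PRI1_v4 auto rule"), ("9002", "lan", "pfB_Top_v4 auto rule"),
                ("1001", "lan", "Allow DNS"), ("1002", "lan", "Block guest to servers"),
                ("1003", "lan", "Allow LAN out"), ("1003", "lan", "Allow LAN out"),
                ("3002", "opt1", "Allow DMZ out"), ("3001", "opt1", "Block DMZ to LAN")])

def rules_by_interface(xml_text):
    """Map interface -> [(tracker, descr), ...] in file order."""
    out = {}
    for r in ET.fromstring(xml_text).iterfind("./filter/rule"):
        entry = (r.findtext("tracker", ""), r.findtext("descr", ""))
        out.setdefault(r.findtext("interface", ""), []).append(entry)
    return out

def user_trackers(rules):
    # Assumption: package-managed rules are recognisable by a "pfB_" description prefix.
    return list(dict.fromkeys(t for t, d in rules if not d.startswith("pfB_")))

def compare(before_xml, after_xml):
    before, after = rules_by_interface(before_xml), rules_by_interface(after_xml)
    report = {}
    for iface in sorted(set(before) | set(after)):
        b, a = user_trackers(before.get(iface, [])), user_trackers(after.get(iface, []))
        common = set(b) & set(a)
        counts = Counter(t for t, _ in after.get(iface, []))
        report[iface] = {
            # True only if rules present in both snapshots changed relative order.
            "user_order_changed": [t for t in b if t in common] != [t for t in a if t in common],
            "auto_rules": [d for _, d in after.get(iface, []) if d.startswith("pfB_")],
            "duplicates": sorted(t for t, n in counts.items() if n > 1),
        }
    return report

if __name__ == "__main__":
    for iface, result in compare(BEFORE, AFTER).items():
        print(iface, result)
```

In the constructed data, `lan` only gains two package rules at the top plus a duplicate, while `opt1` has a block rule that dropped below an allow rule, which is the case worth investigating.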

