Interface rule order
-
Hi,
On an interface I have only one rule:
Allow IPv4 any to any
To make the firewall more strict I watched the log and added a rule above the one existing already:
Allow IPv4 UDP Source Interface IP Destination <ip address>:1900
Both rules have log enabled.
In what order are the rules processed?
The rule with port 1900 does not show up in the log. The more general rule does.
Version: 2.5.0.a.20210104.0250
-
https://pfsense-docs.readthedocs.io/en/latest/firewall/firewall-rule-processing-order.html
So your Rule does not match or you still have existing states open.
-Rico
-
@rico said in Interface rule order:
or you still have existing states open.
Thanks @rico
So I have to reboot the device (IPTV STB) connected to the interface? After that the rule takes effect?
-
You can flush States in
Diagnostics > States > Reset States
-Rico
-
Did flush. Unfortunately no change.
-
Post up a screenshot of your rules.
Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.
If you're saying you're not seeing any hits on your rule, either in the interface firewall tab (the 0/0 in the states column) or in the log when you have the rule set to log,
then it's not being triggered. Most likely because you have the rule written in such a way that it's not matching.
So show us the rules you actually created via a screenshot, and then the log entry you're seeing.
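
An added example, not part of any post in this thread and not pfSense code: a simplified Python model of the two behaviours discussed above, that a packet belonging to an existing state never reaches the rule list, and that rules are checked top down with the first match winning. The rule names, the addresses and the source mismatch are constructed for illustration and are not a diagnosis of the poster's configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    name: str
    proto: str                   # "udp", "tcp" or "any"
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    dport: Optional[int] = None  # None means any port
    hits: int = 0                # new connections this rule has passed

    def matches(self, pkt):
        proto, src, dst, dport = pkt
        return (self.proto in ("any", proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.dport in (None, dport))

class Interface:
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def process(self, pkt):
        """Return which rule passed pkt, "state", or "default deny"."""
        if pkt in self.states:        # existing state: rules are not consulted
            return "state"
        for rule in self.rules:       # top down, first match wins
            if rule.matches(pkt):
                rule.hits += 1
                self.states.add(pkt)  # later packets of this flow skip the rules
                return rule.name
        return "default deny"

def demo():
    # All addresses are constructed (documentation ranges).
    general = Rule("allow-any", "any", "0.0.0.0/0", "0.0.0.0/0")
    specific = Rule("allow-udp-1900", "udp", "192.0.2.1/32", "198.51.100.7/32", 1900)
    iface = Interface([general])
    stb = ("udp", "192.0.2.50", "198.51.100.7", 1900)  # from the attached device
    fw = ("udp", "192.0.2.1", "198.51.100.7", 1900)    # from the source the rule names
    seen = [iface.process(stb)]        # passed by allow-any, state created
    iface.rules.insert(0, specific)    # new rule added above the general one
    seen.append(iface.process(stb))    # still handled by the old state
    iface.states.clear()               # stands in for Reset States
    seen.append(iface.process(stb))    # source differs, falls through to allow-any
    seen.append(iface.process(fw))     # matches the specific rule first
    return seen, specific.hits, general.hits
```

In this model the specific rule's hit counter stays at zero for the device's traffic both before and after the state reset, which is the pattern to look for when comparing a rule's source and destination fields against the logged packet.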