Netgate Discussion Forum
    Definition of 'any' for protocol?

    Firewalling

    danswartz

      I found out the hard way that when you create a rule via the webGUI that says 'any' for the protocol, that really means 'tcp' :(  This is on 1.2.3RC3.  I have a WLAN bridged to the LAN and created the allow any => any proto any rule and was surprised to see UDP being blocked according to the filter log.  Dumped the rules and saw:

      pass in quick on ath0 all flags S/SA keep state label "USER_RULE"

      As far as I know, there are no SYN or ACK flags for UDP, so how can this work?  I changed it to tcp and added an explicit rule for UDP too, and now see this:

      pass in quick on ath0 proto tcp all flags S/SA keep state label "USER_RULE"
      pass in quick on ath0 proto udp all keep state label "USER_RULE"

      Am I missing something here?  I think this also explains why my Polycom 320 office phone was not able to boot successfully (the BOOTP was being blocked).

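As an added example (not code from the post or from pfSense), the audit below scans a `pfctl -sr` dump for pass rules that carry `flags S/SA` but no explicit `proto tcp`, the shape the post reports for a webGUI "any" protocol rule on 1.2.3RC3, and prints the explicit tcp/udp pair the poster ended up writing by hand. The sample rule text is constructed from the rules quoted above; the interface name ath0 and the assumption that generated rules carry an `on <iface>` clause are taken from that dump.

```python
"""Audit a pf rule dump (as printed by `pfctl -sr`) for pass rules that apply
TCP flag matching (`flags S/SA`) without restricting the rule to `proto tcp`.

Added example, not code from the original post or from pfSense. Assumption,
taken from the post: a webGUI rule with protocol 'any' was emitted as
`all flags S/SA keep state` on 1.2.3RC3 and UDP was logged as blocked, so
such rules are reported as candidates for an explicit per-protocol split.
"""
import re
import sys

# Constructed sample: the three rules quoted in the post plus a default block.
SAMPLE_RULES = """\
pass in quick on ath0 all flags S/SA keep state label "USER_RULE"
pass in quick on ath0 proto tcp all flags S/SA keep state label "USER_RULE"
pass in quick on ath0 proto udp all keep state label "USER_RULE"
block drop in log all label "Default deny rule"
"""

PROTO_RE = re.compile(r"\bproto\s+(\S+)")
FLAGS_RE = re.compile(r"\bflags\s+(\S+)")
IFACE_RE = re.compile(r"\bon\s+(\S+)")  # pfSense-generated rules carry `on <iface>`


def parse_rule(line):
    """Extract action, interface, proto and flags from one `pfctl -sr` line."""
    tokens = line.split()
    if not tokens:
        return None
    proto = PROTO_RE.search(line)
    flags = FLAGS_RE.search(line)
    iface = IFACE_RE.search(line)
    return {
        "action": tokens[0],
        "iface": iface.group(1) if iface else None,
        "proto": proto.group(1) if proto else "any",  # no `proto` keyword = any
        "flags": flags.group(1) if flags else None,
        "text": line.strip(),
    }


def flag_mismatched_rules(dump):
    """Return pass rules that carry a TCP `flags` option while proto is not tcp."""
    findings = []
    for line in dump.splitlines():
        rule = parse_rule(line)
        if rule is None or rule["action"] != "pass":
            continue
        if rule["flags"] is not None and rule["proto"] != "tcp":
            findings.append(rule)
    return findings


def with_proto(text, proto):
    """Insert `proto <proto>` directly after the interface clause (`on ath0`)."""
    return IFACE_RE.sub(lambda m: f"{m.group(0)} proto {proto}", text, count=1)


def suggest_split(rule):
    """Return the explicit (tcp, udp) pair: tcp keeps the flags, udp drops them."""
    tcp = with_proto(rule["text"], "tcp")
    udp = re.sub(r"\bflags\s+\S+\s*", "", with_proto(rule["text"], "udp"))
    return tcp, udp


if __name__ == "__main__":
    # Pipe in `pfctl -sr` output, or run with no input to audit the sample.
    dump = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_RULES
    for hit in flag_mismatched_rules(dump):
        print("ambiguous rule :", hit["text"])
        tcp, udp = suggest_split(hit)
        print("  explicit tcp :", tcp)
        print("  explicit udp :", udp)
```

Run it as `pfctl -sr | python3 audit_flags.py` on the box; with the constructed sample it reports only the first rule and reproduces the two explicit rules the poster wrote, so a diff against the live dump shows which webGUI rules still rely on the `any` form.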
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.