Oddity with Firewall Rule
I have an interface with an Allow All rule (IPv4+IPv6 *) but it seems like multicast and ICMP traffic is still being matched to the Default deny rule IPv4 according to the logs, even if I do an easy rule. Can't figure out why the Allow All isn't matching, or really any other allow rules on the interface for that matter.
Any thoughts on what I'm missing? It is a Routed VTI interface, not sure that matters though.
Found this in the logs:
There were error(s) loading the rules: /tmp/rules.debug:57: cannot define table bogonsv6: Cannot allocate memory - The line in question reads [57]: table <bogonsv6> persist file "/etc/bogonsv6"
Increased the Firewall Maximum Table Entries from 400000 to 800000 and was able to do a full filter reload. So apparently the root issue was that I couldn't load all the firewall filters.
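A check for the failure described in this thread, as an added example that is not part of the original posts: one function pulls the file, line and table name out of the "error(s) loading the rules" notice, the other sums the entries of every file-backed table in a ruleset and prints them next to its table-entries limit. The function names are hypothetical, and it assumes the ruleset carries a plain `set limit table-entries N` line and `table <name> persist file "path"` lines like the one quoted in the error.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Read notice text on stdin; for each table allocation failure print
# "<rules-file> <line-number> <table-name>".
parse_pf_load_error() {
    sed -n 's/.*loading the rules: \([^:]*\):\([0-9][0-9]*\): cannot define table \([^:]*\): Cannot allocate memory.*/\1 \2 \3/p'
}

# Sum the entries of all file-backed tables named in a pf ruleset and
# print them beside the ruleset's table-entries limit.
# usage: table_budget RULES_FILE [ROOT]
#   ROOT is an optional prefix for the table file paths, so the check
#   can run against a copy of the files instead of the live firewall.
table_budget() {
    rules=$1
    root=${2:-}
    # Assumption: the limit appears in the simple one-line form.
    limit=$(sed -n 's/^set limit table-entries \([0-9][0-9]*\).*/\1/p' "$rules" | head -n 1)
    total=0
    for f in $(sed -n 's/^table <[^>]*>.* file "\([^"]*\)".*/\1/p' "$rules"); do
        [ -r "$root$f" ] || continue
        # Count lines that are neither blank nor comments.
        n=$(grep -Ev '^[[:space:]]*(#|$)' "$root$f" | wc -l)
        total=$((total + n))
    done
    echo "limit=${limit:-unknown} entries=$total"
}
```

Run `table_budget /tmp/rules.debug` on the firewall; an entry total close to or above the limit is the condition that stopped the ruleset, and with it the interface's allow rules, from loading here.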