This discussion has been locked.

Help - Firewall rule which allows port still getting dropped

I have set up a firewall rule to allow communication from a host on my network to communicate out on UDP ports 16800:16820.  I do not have any other rule blocking that port.  Though the firewall is still dropping those packets.  Any ideas on what I am doing wrong and how to correct?  Please see firewall log example below:

2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="00:01:2e:65:33:33" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="16820" dstport="21940" 
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x11a7" app="423" srcmac="xx:xx:xx:xx:xx:xx" dstmac="d0:37:45:4a:d2:6b" srcip="34.199.17.123" dstip="12.34.56.789" proto="17" length="200" tos="0x00" prec="0x00" ttl="50" srcport="21940" dstport="16820" 
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="00:01:2e:65:33:33" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="16820" dstport="21940" 
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x11a7" app="423" srcmac="xx:xx:xx:xx:xx:xx" dstmac="d0:37:45:4a:d2:6b" srcip="34.199.17.123" dstip="12.34.56.789" proto="17" length="200" tos="0x00" prec="0x00" ttl="50" srcport="21940" dstport="16820" 
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="00:01:2e:65:33:33" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="16820" dstport="21940" 

Thanks!



  • Can you screenshot/snip tool your Firewall rule and post it here?  Obfuscate anything important, but I'd like to see how your rule is set up in the GUI.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
