Flow rules do not work at all?!

sbeyer · June 14, 2022, 9:03am

Hello,

I have a really odd issue with Flow Rules: it seems that they do not work?!

If I put anything but accept; at the end of my rules, traffic gets blocked.

I started using statements that included ipsrc and ipdest, none of these rules worked. So I came up with this example: it should allow ICMP (0x01), UDP (0x11), and TCP (0x06):

accept ipprotocol 1;
accept ipprotocol 6;
accept ipprotocol 17;

drop;

But even in this simple example all traffic is blocked.

I think I need some help here …

Best regards

Stefan

zt-grant · June 14, 2022, 3:53pm

You’re blocking ARP, which is how IPv4 addresses are resolved to hardware (MAC) addresses on a network. You’ll note that the default rule set includes this:

#
# Allow only IPv4, IPv4 ARP, and IPv6 Ethernet frames.
#
drop
	not ethertype ipv4
	and not ethertype arp
	and not ethertype ipv6
;

accept;

What this does is drop anything that’s not IPv4, IPv6 or ARP. Specifying ICMP is not required as ICMP is already IPv4 or IPv6.

sbeyer · June 14, 2022, 7:14pm

OOOOOPS, you are right! I tried to create the smallest example possible and failed miserably

When I add

allow ethertype arp;

it works as expected!

I will flag your response as the Solution.

system · July 14, 2022, 7:15pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.