Rosa-Luxemburgstiftung-Berlin / ansible-opnsense

Ansible role to configure OPNsense firewalls

DNS broken after configuration reload #59

Closed rvalle closed 1 month ago

rvalle commented 8 months ago

Hi @zerwes

I have a suspicion that the latest patch on conditional reload of systems depending on configuration change may have broken something related to the firewall.

I have been working on the firewall today, and after uploading new configuration the DNS (unbound) breaks.

An NSLOOKUP comes back with: ;; communications error to 127.0.1.1#53: timed out

And looking at the firewall logs I could see that the flow was blocked due to state. Rebooting the firewall fixed it.

I will keep an eye on this. Did you notice similar issues?

zerwes commented 8 months ago

Hello @rvalle, I did not notice something similar w/ unbound (but I mostly do not use unbound on the opnsense device, but standalone). But states are sometimes really picky; sometimes killing states might help (but breaks all established connections!)

zerwes commented 1 month ago

new unbound setup in #96