Firewall ignoring rules

Fabricio · May 28, 2026, 12:22pm

Hi all,

I work for a University.
We use a CCR1036-12G-4S - firmware at 7.17.2 version.

Lately, the ipv4 firewall is behaving weird.
If I add a new rule, the firewall ignores it.

All the traffic passes through a bridge, with 2 interfaces (in and out).
I.e.: if I add a rule on forward chain, bridge interface, dropping all icmp traffic for my PC IP, it doesn't work, neither captures the traffic (the bytes counters stays at 0).

I did try rad things, like drop all protocols, all interfaces, resulting in all of them ineffective.
That new rule, even moved to the list very top position, stays innocuous.

Weirdest, the old rules are working fine...
We don't have fasttrack activated yet. Nothing unusual.
This CCR is operating just as a simple invisible bridge forwarding traffic, and firewall with a few rules, like dropping torrent, standard ports (ssh, vnc...), and so. CPU loads stays in 0~5% range.

Any clue, please? Thanks in advance.

erlinden · May 28, 2026, 1:05pm

Did you place the rule at the correct place?
Why this exact version?

BartoszP · May 28, 2026, 1:05pm

Hi Fabricio,

The link I post is IMHO the most used one on the forum:

Fabricio · May 28, 2026, 2:19pm

Thanks, I'll give it a try,

teslasystems · May 28, 2026, 5:05pm

Does "Use IP firewall" enabled in bridge settings?

But if you don't have any mistakes with configuration, this combination feels like flash issues. Try NetInstall in this case.

Fabricio · May 28, 2026, 5:41pm

Rule moved to 1st position.

Just upgraded firmware to v 7.23.
Nothing changed.

Thanks for replying.

Fabricio · May 28, 2026, 5:42pm

Yes, that's enabled in settings.

Regarding problems with the flash, this already happened once, in 2022. At that time, a circuit board was replaced. I wouldn't be surprised if that happened again.

Appreciate your attention.