I’ve just added second ip to local bridge (10.10.10.1) and set address from that network on my zabbix server (10.10.10.2).
But webpage with zabbix opens very slowy and I figured out that the problem is default firewall rule “defconf: drop invalid”.
Webpage opens instantly then that rule disabled.
With logging enabled:
09:06:07 firewall,info INVALID forward: in:bridge-local out:ether1, src-mac 00:1d:7d:9d:76:ff, proto TCP (ACK,FIN), 192.168.0.236:2654->104.18.55.167:80, len 40
09:06:07 firewall,info INVALID forward: in:bridge-local out:bridge-local, src-mac 1c:6f:65:ed:82:b6, proto TCP (ACK,PSH), 192.168.0.16:10221->10.10.10.2:80, len 727
09:06:08 firewall,info INVALID forward: in:bridge-local out:bridge-local, src-mac 1c:6f:65:ed:82:b6, proto TCP (ACK,PSH), 192.168.0.16:10221->10.10.10.2:80, len 727
09:06:08 firewall,info INVALID forward: in:bridge-local out:bridge-local, src-mac 1c:6f:65:ed:82:b6, proto TCP (ACK,FIN,PSH), 192.168.0.16:10218->10.10.10.2:80, len 596
09:06:08 firewall,info INVALID forward: in:bridge-local out:bridge-local, src-mac 1c:6f:65:ed:82:b6, proto TCP (ACK,FIN,PSH), 192.168.0.16:10219->10.10.10.2:80, len 596
09:06:08 firewall,info INVALID forward: in:bridge-local out:bridge-local, src-mac 1c:6f:65:ed:82:b6, proto TCP (ACK,FIN,PSH), 192.168.0.16:10220->10.10.10.2:80, len 596
09:06:08 firewall,info INVALID forward: in:bridge-local out:bridge-local, src-mac 1c:6f:65:ed:82:b6, proto TCP (ACK,PSH), 192.168.0.16:10221->10.10.10.2:80, len 727
What is the problem and what should I do with that rule?