First block then allow

[epichub]

I am trying to allow a Lacie external drive to connect to my system. I have added it to the rules, but I now get a strange behaviour of the usbguard first blocking, then allowing the device. The end result is no block device available in my system ..

[104056.973773] usb 2-5: new SuperSpeed Gen 1 USB device number 9 using xhci_hcd
[104056.986508] usb 2-5: New USB device found, idVendor=059f, idProduct=108c, bcdDevice= 1.00
[104056.986514] usb 2-5: New USB device strings: Mfr=2, Product=3, SerialNumber=1
[104056.986518] usb 2-5: Product: Rugged USB-C
[104056.986521] usb 2-5: Manufacturer: LaCie
[104056.986523] usb 2-5: SerialNumber: 0000NL696EZK
[104056.986787] usb 2-5: Device is not authorized for usage
[104056.990195] usb 2-5: authorized to connect

The rule is

allow id <the-correct-id> serial "0000NL696EZK" name "Rugged USB-C" hash "JwP2cFm9u7BypM8YAF73Nr106ixKF0GrXhnXHdCorF0=" parent-hash "3Wo3XWDgen1hD5xM3PSNl3P98kLp1RUTgGQ5HSxtf8k=" via-port "2-5" with-interface { 08:06:50 08:06:62 } with-connect-type "hotplug"

[genodeftest]

The end result is no block device available in my system .

What do you mean by this sentence?

Can you see the device with lsusb or lsblk?

[ZoltanFridrich]

I believe this immediate block and allow process is the result of the device immediately getting blocked due to the default-policy target, then getting allowed because there is a rule found within a policy that allows it. This is mostly my guess. May I suggest you try setting default-policy-target to allow and placing a block rule to the end of your policy, so the devices will by default get allowed and then blocked after going through the policy. However, there might be some security issues to leave this short allow window before blocking.