Netgate Discussion Forum

    Does default deny policy rely on user defined rules?

    3 Posts 2 Posters 250 Views
mikyniky

In the docs it states: "In a default two-interface LAN and WAN configuration, pfSense software utilizes default deny on the WAN and default allow on the LAN."

It's not clear to me if the above behavior is a result of inbuilt rules we cannot see in the GUI or due to the default rules installed on the LAN & WAN interfaces, and whether new interfaces need to be appropriately configured with default rules.

For example, if I create a new interface for a local VLAN, is it default deny or do I have to add a deny all rule at the end? I'm partly confused because I see many configs posted with a 'catchall' rule at the end to block all traffic, which I assume is redundant. My testing tells me that new interfaces are default deny without any additional rules, but I would like to confirm this critical feature.

Bob.Dig @mikyniky

@mikyniky No rules means nothing is allowed. On WAN there are no rules, so nothing is allowed. On first LAN.... see yourself. 😉

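The behaviour Bob.Dig describes (no matching rule means the packet is dropped) is the implicit default deny that pfSense puts at the end of every interface ruleset. The following simulation is an added example written for this page; it is not pfSense code and does not model pf itself. It assumes a simplified first-match rule model, as used on pfSense interface tabs, with constructed hypothetical addresses, and it shows that appending an explicit "block any" catch-all to a ruleset never changes a verdict: the only difference is which rule a blocked packet is attributed to.

```python
"""Added example (not from the thread or pfSense): first-match evaluation of a
simplified firewall ruleset with an implicit default deny, used to compare a
ruleset with and without an explicit trailing catch-all block rule."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    proto: str = "any"           # "tcp", "udp", "icmp" or "any"
    src: str = "any"             # CIDR prefix or "any"
    dst: str = "any"             # CIDR prefix or "any"
    dport: Optional[int] = None  # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def _net_match(spec: str, addr: str) -> bool:
    """True when addr falls inside spec ("any" matches everything)."""
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("any", pkt.proto)
            and _net_match(rule.src, pkt.src)
            and _net_match(rule.dst, pkt.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First match wins; falling off the end is the implicit default deny."""
    for idx, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, f"rule {idx}"
    return "block", "implicit default deny"


def verdicts(rules: List[Rule], packets: List[Packet]) -> List[str]:
    return [evaluate(rules, p)[0] for p in packets]


def catchall_is_redundant(rules: List[Rule], packets: List[Packet]) -> bool:
    """Compare verdicts with and without a trailing 'block any' rule."""
    return verdicts(rules, packets) == verdicts(rules + [Rule("block")], packets)


# Constructed rulesets and addresses (hypothetical, not from the thread).
LAN_NET = "192.168.1.0/24"
VLAN_NET = "192.168.20.0/24"
DNS_SERVER = "192.168.1.1"

WAN_RULES: List[Rule] = []                 # no rules at all, like the default WAN tab
LAN_RULES = [Rule("pass", src=LAN_NET)]    # "allow LAN net to any" style rule
VLAN_RULES = [                             # new VLAN: only DNS and HTTPS allowed
    Rule("pass", "udp", VLAN_NET, DNS_SERVER, 53),
    Rule("pass", "tcp", VLAN_NET, "any", 443),
]
VLAN_RULES_WITH_CATCHALL = VLAN_RULES + [Rule("block")]

# Constructed sample traffic.
SAMPLE_PACKETS = [
    Packet("udp", "192.168.20.10", DNS_SERVER, 53),       # VLAN host -> DNS
    Packet("tcp", "192.168.20.10", "203.0.113.5", 443),   # VLAN host -> HTTPS
    Packet("tcp", "192.168.20.10", "203.0.113.5", 22),    # VLAN host -> SSH, no rule
    Packet("tcp", "198.51.100.7", "203.0.113.5", 443),    # unsolicited inbound on WAN
]

if __name__ == "__main__":
    for name, rules in (("WAN", WAN_RULES), ("VLAN", VLAN_RULES),
                        ("VLAN+catchall", VLAN_RULES_WITH_CATCHALL)):
        for pkt in SAMPLE_PACKETS:
            action, why = evaluate(rules, pkt)
            print(f"{name:14} {pkt.proto}/{pkt.dport} {pkt.src} -> {pkt.dst}: {action} ({why})")
    print("catch-all redundant on VLAN:", catchall_is_redundant(VLAN_RULES, SAMPLE_PACKETS))
```

Running it shows the WAN ruleset, which has no rules, blocking everything, the VLAN ruleset passing only the two permitted flows, and identical verdicts with or without the trailing block rule. What the explicit catch-all does change is attribution: the SSH packet is reported as "rule 2" instead of "implicit default deny", which is why people sometimes add one to get a separately logged and counted rule rather than to change what gets through.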
mikyniky @Bob.Dig

@bob-dig Thank you, makes sense, that's what I assumed.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.