Netgate Discussion Forum

    Hardening firewall order rules

    Firewalling · 6 Posts, 2 Posters, 607 Views
    Antibiotic

      Could someone with more experience check whether the firewall rules are in the correct order from top to bottom? Is this the right order, or does it need changing?
      Screenshot_4-4-2024_466_192.168.10.1.jpeg
      The last rule, with outgoing ports, is an attempt to restrict the LAN to only certain ports for communicating with the internet.

      pfSense plus 24.11 on Topton mini PC
      CPU: Intel N100
      NIC: Intel i-226v 4 pcs
      RAM : 16 GB DDR5
      Disk: 128 GB NVMe
      Brgds, Archi

    SteveITS (Galactic Empire) @Antibiotic

      @Antibiotic Seems reasonable to me. This is on the WIFI interface, I take it?
      Rules process in order.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

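      As an added illustration of "rules process in order" (this is not part of the thread, not the poster's rules, which exist only in the screenshots, and not pfSense's own code): pfSense interface rules are evaluated top to bottom and the first match wins, with an implicit default deny when nothing matches, so the ordering mistake to look for is a broad rule sitting above a narrower one. The Python below models that first-match evaluation on a constructed LAN egress ruleset of the kind the poster describes (DNS only to the firewall, a few ports to the internet), then shows what happens when the stock "Default allow LAN to any" rule is left on top, and includes a conservative check for rules that an earlier rule makes unreachable. The 192.168.10.0/24 LAN, the 192.168.10.1 firewall address and the RFC 5737 internet addresses are assumptions for the example.

```python
"""First-match evaluation of a pfSense-style LAN ruleset, with a check for
rules that an earlier, broader rule makes unreachable.

Added example for this thread: not the poster's rules (those are only in
the screenshots) and not pfSense code. The ruleset is constructed to show
the egress restriction the poster describes.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN_NET = "192.168.10.0/24"     # pfSense "LAN net" (assumed)
LAN_ADDR = "192.168.10.1/32"    # pfSense "LAN address" (assumed)


@dataclass(frozen=True)
class Rule:
    action: str        # "pass" or "block"
    proto: str         # "tcp", "udp", "icmp" or "any"
    src: str           # CIDR or "any"
    dst: str           # CIDR, "any", or "!CIDR" (pfSense "invert match", e.g. not LAN net)
    dports: frozenset  # destination ports; an empty frozenset means any port
    descr: str

    @staticmethod
    def _addr_in(spec: str, addr: str) -> bool:
        if spec == "any":
            return True
        negate = spec.startswith("!")
        hit = ip_address(addr) in ip_network(spec.lstrip("!"))
        return hit != negate

    def matches(self, pkt: dict) -> bool:
        """Match against the first packet of a new connection. pf is stateful,
        so reply traffic is matched by the state table, not by these rules."""
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and self._addr_in(self.src, pkt["src"])
                and self._addr_in(self.dst, pkt["dst"])
                and (not self.dports or pkt.get("dport") in self.dports))


def evaluate(rules, pkt):
    """Top to bottom, first match wins (pfSense interface rules). Returns the
    action and the index of the deciding rule; ("block", None) is the implicit
    default deny that applies when no rule matches."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "block", None


def _spec_covers(a: str, b: str) -> bool:
    """Conservative: True only when every address matching b also matches a."""
    if a == "any":
        return True
    if b == "any" or a.startswith("!") or b.startswith("!"):
        return a == b
    return ip_network(b).subnet_of(ip_network(a))


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matching b also matches a, so a above b shadows b."""
    return (a.proto in ("any", b.proto)
            and _spec_covers(a.src, b.src)
            and _spec_covers(a.dst, b.dst)
            and (not a.dports or (bool(b.dports) and b.dports <= a.dports)))


def shadowed(rules):
    """(later_index, earlier_index) pairs where the earlier rule makes the later
    one unreachable. Different actions on the pair mean an ordering bug; the
    same action means the later rule is merely redundant."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                found.append((j, i))
                break
    return found


# Constructed ruleset: narrow rules first, broad ones after, default deny at the end.
GOOD_ORDER = [
    Rule("pass", "udp", LAN_NET, LAN_ADDR, frozenset({53}), "DNS to the firewall's resolver"),
    Rule("block", "udp", LAN_NET, "any", frozenset({53}), "No DNS anywhere else"),
    Rule("pass", "tcp", LAN_NET, "!" + LAN_NET, frozenset({80, 443}), "Web to the internet"),
    Rule("pass", "udp", LAN_NET, "!" + LAN_NET, frozenset({123}), "NTP to the internet"),
]

# The stock pfSense "Default allow LAN to any" rule left on top: everything below it is dead.
BAD_ORDER = [Rule("pass", "any", LAN_NET, "any", frozenset(), "Default allow LAN to any rule")] + GOOD_ORDER

# Constructed test packets; the internet side uses RFC 5737 documentation addresses.
PACKETS = {
    "dns to firewall": {"proto": "udp", "src": "192.168.10.50", "dst": "192.168.10.1", "dport": 53},
    "dns to external resolver": {"proto": "udp", "src": "192.168.10.50", "dst": "198.51.100.53", "dport": 53},
    "web to internet": {"proto": "tcp", "src": "192.168.10.50", "dst": "203.0.113.80", "dport": 443},
    "ssh to internet": {"proto": "tcp", "src": "192.168.10.50", "dst": "203.0.113.22", "dport": 22},
}

if __name__ == "__main__":
    for name, rules in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        print(name)
        for label, pkt in PACKETS.items():
            action, idx = evaluate(rules, pkt)
            by = f"rule #{idx}" if idx is not None else "implicit default deny"
            print(f"  {label:26s} -> {action} ({by})")
        print("  shadowed rules:", shadowed(rules) or "none")
```

      With the good order, SSH out of the LAN falls through to the default deny; with the allow-any rule on top, the same packet passes on rule #0 and every rule beneath it is reported as shadowed. Two caveats the model leaves out: pfSense floating rules without "Quick" set are last-match rather than first-match, and the real check of what pf is evaluating is the loaded ruleset on the firewall itself (`pfctl -sr` from a shell or Diagnostics > Command Prompt), which lists the generated rules in evaluation order.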
    Antibiotic @Antibiotic

      @Antibiotic said in Hardening firewall order rules:

        Could someone with more experience check whether the firewall rules are in the correct order from top to bottom? Is this the right order, or does it need changing?
        Screenshot_4-4-2024_466_192.168.10.1.jpeg
        The last rule, with outgoing ports, is an attempt to restrict the LAN to only certain ports for communicating with the internet.

      Corrected rules!
      Screenshot_4-4-2024_142429_192.168.10.1.jpeg

    Antibiotic @Antibiotic

      @Antibiotic Also, firewall rules have an advanced option called "TCP Flags" (FIN SYN RST PSH ACK URG ECE CWR). Is there any recommendation to set TCP flags, or to leave them out, for a home user? Second option: Max state and Max connection, for home users?

    SteveITS (Galactic Empire) @Antibiotic

              @Antibiotic I have never had to set those advanced rule settings.

    Antibiotic @SteveITS

      @SteveITS Could you please assist with OpenVPN? I don't understand where my mistake is in the settings.
                https://forum.netgate.com/post/1161108

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.