Interface Groups and dns redirect
-
Hello, I wanted to set up a redirect for all my VLANs, so I followed the guide linked below. However, I created an interface group with all the VLANs and implemented the guide on that interface group. I understand that rules are processed in the following order: floating -> interface groups -> interfaces.
Does this mean that interface groups are processed before the WAN interface? Will I encounter any issues with this guide if I use an interface group for these rules?
Could interface groups potentially lock me out of the firewall?
https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html
-
@CatSpecial202 Why create a group? Just put the rule in floating with the interfaces/VLANs you want it to apply to, set it to quick and on the inbound direction.
Personally I would just create the rules on each interface - it makes it easier to troubleshoot if you know where the rule is that is doing something. How many interfaces do you have? It's simple enough to just copy the rule from one interface to another, etc. So unless you have like 100 interfaces or something?
-
@johnpoz I was looking at floating rules, but all the options were intimidating. What makes individual rules per interface easier to troubleshoot? You can flip logging on easily per rule on each interface?
I originally did copy each set of rules to each interface with the conversion tool, but the rules just started looking crowded.
I'm really just trying to learn so wanted to try something different.
But are group interfaces processed before WAN? I'm pretty sure I locked myself out of the GUI because of a block RFC1918 rule in the group interface. I had been working on setting up the network behind another firewall, so I was accessing it from the WAN subnet that was behind the other firewall.
-
@CatSpecial202 said in Interface Groups and dns redirect:
What makes individual rules per interface easier to troubleshoot?
Because you're looking in 1 place for all the rules that could affect traffic coming into this interface, vs looking at groups: is this interface in that group? Is the group rule correct for the source IP into the specific interface? etc.
But hey, you do you. Doing this since there were firewalls, before actually - when they were just packet filters. And seeing all the rules in one place in the specific order they are applied is easier ;)
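To make the ordering question in this thread concrete, here is an added simulation (not from the thread or from pfSense) of how pf walks a pfSense ruleset: floating rules first, then interface-group rules, then per-interface rules; group and interface rules are implicitly quick, a non-quick floating rule only sets a provisional decision that a later match can override, and no match at all means default deny. The ruleset, interface names and group membership are constructed for illustration, and NAT/port forwards and state tracking are left out of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Set

@dataclass
class Packet:
    iface: str   # interface the packet arrives on (inbound direction)
    src: str
    dst: str
    dport: int

@dataclass
class Rule:
    tab: str            # "floating", "group" or "interface"
    ifaces: Set[str]    # interfaces (or group members) the rule is attached to
    action: str         # "pass" or "block"
    quick: bool = True  # interface and group rules are always quick; floating is optional
    src: str = "any"
    dst: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if pkt.iface not in self.ifaces:
            return False
        for want, have in ((self.src, pkt.src), (self.dst, pkt.dst)):
            if want != "any" and ip_address(have) not in ip_network(want, strict=False):
                return False
        return self.dport is None or self.dport == pkt.dport

TAB_ORDER = {"floating": 0, "group": 1, "interface": 2}

def evaluate(rules, pkt: Packet) -> str:
    """Walk the ruleset in pfSense order: a quick match ends evaluation,
    otherwise the last matching rule wins; no match means default deny."""
    decision = "block"
    for rule in sorted(rules, key=lambda r: TAB_ORDER[r.tab]):  # stable sort keeps tab order
        if not rule.matches(pkt):
            continue
        decision = rule.action
        if rule.quick:
            break
    return decision

# Constructed ruleset (hypothetical, not the poster's real config):
RULES = [
    # floating, NOT quick: a later matching group/interface rule overrides it
    Rule("floating", {"WAN", "VLAN10", "VLAN20"}, "block", quick=False, src="10.0.0.0/8"),
    # interface group "VLANS" = VLAN10 + VLAN20, carrying a block-RFC1918-destination rule
    Rule("group", {"VLAN10", "VLAN20"}, "block", dst="192.168.0.0/16"),
    Rule("group", {"VLAN10", "VLAN20"}, "pass", dport=53),
    # per-interface rules, evaluated after the group rules
    Rule("interface", {"VLAN10"}, "pass", src="10.10.0.0/24"),
    Rule("interface", {"WAN"}, "pass", src="192.168.1.0/24", dport=443),
]
```

Run `evaluate(RULES, Packet(...))` for a VLAN10 host reaching a 192.168.x destination and you see the group block win over the VLAN10 pass rule, while a WAN packet never touches the group rules because WAN is not a group member.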