Can I map fw rules to interfaces?
-
Hi,
As I wrote in the topic: can I map fw rules to interfaces? I have 5 VLANs and I want to limit
telnet/ssh access to my mgmt VLAN. When I put rules in the mgmt VLAN rule set tab which allow
telnet and ssh from some VLANs and drop all other traffic, it won't work. I have a prod net rule
allowing any to any, so it matches this and there seems to be no rule check in mgmt net. When
I make an HTTP connection to the mgmt net, it goes through. If pfSense looks only at incoming traffic,
then those tabs are quite useless in a bigger environment (I think). Any suggestion how I resolve
this?
Br,
Ville
-
You are allowing "prod net rule allow any to any" - your firewall is doing exactly that!
Change the rule to "allow any to !mgmt"…
FYI:
! = NOT, for the non-programmer geeks.
-
"You are allowing "prod net rule allow any to any" - your firewall is doing exactly that!
Change the rule to "allow any to !mgmt"…"

Yes, I know this, but I'd like to know if I can map rules to interfaces. E.g. the packet flow
is something like this: Packet in Int1 -> Check against Int1 rules -> Packet routed to Int2 -> Check against Int2 rules.
If this is not possible, I think I'll try to modify that Firewall: Rules page so that I can see all my rules
on one page (like Checkpoint). I think this way I can get a cleaner picture of how my fw rules are checked.
Br,
Ville
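The following is an added example, not code from the thread or from pfSense itself. It models the evaluation order the reply relies on: pfSense consults only the rule tab of the interface a packet arrives on, top to bottom, first match wins, and anything unmatched is dropped. The tab of the interface the packet is routed out of is never consulted, so the Int1 -> Int2 flow hoped for in the follow-up does not happen. The subnets, interface names and host addresses are constructed for the illustration; the two rule sets are the original poster's layout (permissive PROD tab, strict MGMT tab) and the reply's fix (restrict to !mgmt on the PROD tab, where prod traffic actually enters).

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional

# Constructed addressing; the thread names no real subnets.
MGMT_NET = ip_network("10.0.10.0/24")
PROD_NET = ip_network("10.0.20.0/24")
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    in_if: str      # interface (rule tab) the packet ENTERS the firewall on
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                           # "pass" or "block"
    proto: Optional[str] = None           # None = any protocol
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    dst_negate: bool = False              # models the "!" (NOT) on the destination
    dports: FrozenSet[int] = frozenset()  # empty = any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in self.src:
            return False
        in_dst = ip_address(pkt.dst) in self.dst
        if in_dst == self.dst_negate:     # negated rule matches only when dst is NOT in self.dst
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        return True


def evaluate(tabs: Dict[str, List[Rule]], pkt: Packet) -> str:
    """pfSense-style verdict: only the ingress interface's tab is walked,
    first matching rule wins, default deny if nothing matches."""
    for rule in tabs.get(pkt.in_if, []):
        if rule.matches(pkt):
            return rule.action
    return "block"


MGMT_PORTS = frozenset({22, 23})  # ssh and telnet

# Original layout: PROD tab allows everything, MGMT tab is strict.
# The MGMT tab is never consulted for traffic that entered on PROD.
BROKEN = {
    "PROD": [Rule("pass")],
    "MGMT": [Rule("pass", "tcp", src=PROD_NET, dst=MGMT_NET, dports=MGMT_PORTS),
             Rule("block")],
}

# The reply's fix: filter on the PROD tab, i.e. where prod traffic enters.
FIXED = {
    "PROD": [Rule("pass", "tcp", src=PROD_NET, dst=MGMT_NET, dports=MGMT_PORTS),
             Rule("pass", src=PROD_NET, dst=MGMT_NET, dst_negate=True)],  # "allow any to !mgmt"
    "MGMT": [Rule("pass", src=MGMT_NET)],
}

# Constructed test traffic, all entering on the PROD interface.
HTTP_TO_MGMT = Packet("PROD", "tcp", "10.0.20.5", "10.0.10.1", 80)
SSH_TO_MGMT = Packet("PROD", "tcp", "10.0.20.5", "10.0.10.1", 22)
WEB_OUT = Packet("PROD", "tcp", "10.0.20.5", "198.51.100.10", 443)


def verdicts(tabs: Dict[str, List[Rule]]) -> Dict[str, str]:
    return {
        "http->mgmt": evaluate(tabs, HTTP_TO_MGMT),
        "ssh->mgmt": evaluate(tabs, SSH_TO_MGMT),
        "https->internet": evaluate(tabs, WEB_OUT),
    }


if __name__ == "__main__":
    print("broken:", verdicts(BROKEN))
    print("fixed: ", verdicts(FIXED))
```

With the original layout every packet from prod passes, including HTTP to the mgmt net, because the PROD tab's any-to-any rule matches first and the strict MGMT tab is never reached. With the fix, ssh to mgmt and ordinary internet traffic still pass, while HTTP to mgmt falls through both PROD rules and hits the default deny.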