Netgate Discussion Forum

    Dynamic firewall rules according to the user

    • lylian

      Hi everybody!

      Of which nature is the base in pfsense? (text, SQL, etc.)
      And is it possible to create dynamic Firewall rules according to the user? Not to authorize all for all users….
      Thank you in advance!

      lyl

      • hoba

        Not sure I get you right but all settings are stored in a single xml file (see diagnostics>backup/restore, download).

        I also don't understand what you mean with "dynamic rules" so I'll take another guess here: you probably want something like the captive portal (let users authenticate before they can pass) or use static DHCP mappings with appropriate firewall rules based on the assigned client IP. Use static ARP to harden your rules and prevent users from setting their IPs manually.

        • JeGr LAYER 8 Moderator

          Perhaps he is meaning sth like authpf?

          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          • lylian

            hi!

            In fact my question is:
            Is it possible to filter (HTTP, FTP…) according to the login used?
            For example I have a login "test", for this login I want only HTTP....
            I have login "test2", for this login only FTP and HTTP....
            It is in connection with the captive gate, version pfSense beta 4

            thank you in advance..
            lylian

            • JeGr LAYER 8 Moderator

              As I haven't seen authpf in pfsense until yet (a pity, but I don't know how hard it would be to implement, but it sure would be a nice addition to captive portal), I'd say you could do it, if you map your users to a definite IP each and configure rules for that IP. You could e.g. use DHCP with their MACs and so map User A to IP x.x.x.a and user B to IP x.x.x.b.
              IP-based filtering is not that nice, I know, and far from being fool proof. But I am curious if there are other methods already in pfSense (perhaps HEAD)?! :)

              • sullrich

                @Grey:

                As I haven't seen authpf in pfsense until yet (a pity, but I don't know how hard it would be to implement, but it sure would be a nice addition to captive portal), I'd say you could do it, if you map your users to a definite IP each and configure rules for that IP. You could e.g. use DHCP with their MACs and so map User A to IP x.x.x.a and user B to IP x.x.x.b.
                IP-based filtering is not that nice, I know, and far from being fool proof. But I am curious if there are other methods already in pfSense (perhaps HEAD)?! :)

                No.  Patches accepted.
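
Added example, not part of any post above and not pfSense code: a sketch of the approach hoba and JeGr describe (one fixed IP per user via static DHCP/ARP, then firewall rules per IP), generating plain pf rules for the logins "test" and "test2" from the question. The MAC addresses, IP addresses and the interface name `em1` are constructed placeholders.

```python
"""Per-user pf rules derived from static DHCP/ARP mappings (constructed data)."""
import ipaddress

# Logins "test" and "test2" come from the thread; MACs and IPs are made-up
# placeholders (192.0.2.0/24 is a documentation range).
POLICY = {
    "test":  {"mac": "02:00:00:00:00:0a", "ip": "192.0.2.10", "tcp_ports": [80]},
    "test2": {"mac": "02:00:00:00:00:0b", "ip": "192.0.2.11", "tcp_ports": [21, 80]},
}


def validate(policy):
    """Reject mappings where two users share an IP or MAC, which would merge their rules."""
    seen_ip, seen_mac = {}, {}
    for user, entry in policy.items():
        ip = str(ipaddress.ip_address(entry["ip"]))  # raises ValueError on a bad address
        mac = entry["mac"].lower()
        for key, seen, kind in ((ip, seen_ip, "IP"), (mac, seen_mac, "MAC")):
            if key in seen:
                raise ValueError(f"{kind} {key} assigned to both {seen[key]} and {user}")
            seen[key] = user


def pf_rules(policy, lan_if="em1"):
    """Return pf.conf lines: default-deny on the LAN, then one pass rule per user IP."""
    validate(policy)
    rules = [f"block in on {lan_if} all"]
    for user, entry in sorted(policy.items()):
        ports = ", ".join(str(p) for p in sorted(entry["tcp_ports"]))
        # Port 21 is only the FTP control channel; data connections need an FTP proxy/helper.
        rules.append(
            f"pass in quick on {lan_if} inet proto tcp from {entry['ip']} "
            f"to any port {{ {ports} }} keep state  # user {user}"
        )
    return rules


def static_arp(policy):
    """Return (ip, mac) pairs to pin as static ARP entries, as suggested in the thread."""
    validate(policy)
    return sorted((e["ip"], e["mac"].lower()) for e in policy.values())


if __name__ == "__main__":
    print("\n".join(pf_rules(POLICY)))
```

The rules bind to an address, not to a login, so they are only as strong as the MAC-to-IP pinning behind them.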
