Does it matter which interface tab I put my rules in?
-
One thing that is confusing me about pfSense:
I have three interfaces: LAN, WAN and DMZ and thus three rule tabs, one tab for each interface.
When I create a new rule in any of the three tabs, it gives me the option to choose which interface I want to make a rule for… even though it seems that would be implied based off of which tab I was working with already.
So my question is, does it really matter where the rules go? Are the tabs there simply to help you organize? If I create a rule for the DMZ interface in the LAN tab, does that matter? Does it make a difference if it was in the LAN tab instead of the DMZ tab?
Just a little bit confusing from an interface standpoint of view. So hopefully someone can clear it up for me. I have a feeling that it doesn't matter which tab the rules are in, but I just want to make sure.
-
It does matter. Changing that drop-down moves the rule to the tab for the interface you choose. Letting you pick the interface is an easy way to clone or move a rule to other interfaces.
Rules are processed as a packet enters the interface chosen for the rule, and they are evaluated in a top-down manner.
-
It does matter. Changing that drop-down moves the rule to the tab for the interface you choose. Letting you pick the interface is an easy way to clone or move a rule to other interfaces.
Rules are processed as a packet enters the interface chosen for the rule, and they are evaluated in a top-down manner.
That makes sense. Thanks!
-
The only difference when clicking the add button on different tabs is which interface is selected by default. When you select a different interface on the rule you are adding, it will appear on the tab for that interface, not the interface you clicked the add or edit button under.