Netgate Discussion Forum

    Pfsense Firewall for Dummies

    xtropx:

      I wanted to write a document clarifying the firewall in pfSense, because I believe it is one of the most important aspects of pfSense to understand; everything relies on the proper rules. Unfortunately, it has come to my attention that I do not know how to use them myself. I am trying to clarify this once and for all so that I (and others) no longer have to be ambiguous about which rule to create; I can just think of a scenario and know the proper rule.


      Note: In the first screenshots, "Accesspoint Net" is OPT2

      1) I am under the impression that firewall rules apply inbound on an interface. So logically these rules make sense to me:

      LAN:

      OPT

      Yet they do not work.


      2) Another way I have looked at this: packets enter pfSense's LAN from client machines (source: any) and ask the firewall, can I go to OPT? Logically, to me this says yes:

      LAN

      The packets are allowed in to the OPT interface. So traffic enters pfSense's OPT interface from the LAN client machines, destined for clients on it (destination: any), and asks the firewall, is my traffic accepted? Logically, to me this says yes:

      OPT

      The packets arrive at their destination and a reply is sent. The packets go out of OPT and back in to the LAN, where they once again ask, is my traffic accepted? Logically, to me, this says yes:

      LAN

      Yet these do not work either.


      1. I have created a set of rules that would logically allow TCP/UDP and ICMP from OPT1. These work. I have created an absolutely identical set of rules for OPT2 and these fail:
        http://i427.photobucket.com/albums/pp360/xtropx/LAN_RULES1.png
        http://i427.photobucket.com/albums/pp360/xtropx/OPT1RULES1.png
        http://i427.photobucket.com/albums/pp360/xtropx/OPT2RULES1.png

      Any assistance anyone can offer in helping clarify this huge part of pfSense would be invaluable, both to me and to those who come to the forums searching for answers on how to understand the pfSense firewall. Thanks in advance.


      Regards,

      xtropx


    cmb:

        @xtropx:

        > 1) I am under the impression that firewall rules apply inbound on an interface.

        They do; you have the source and destination backwards though. Traffic hitting the LAN rules will only be sourced from the LAN subnet. Read the firewall chapter in the book for a detailed explanation. http://pfsense.org/book

        The basics are covered here.
        http://doc.pfsense.org/index.php/Firewall_Rule_Basics
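To make cmb's point concrete, here is a small simulation of the pfSense rule-matching model: rules on an interface are evaluated only against traffic that enters the firewall on that interface, first match wins, and anything unmatched is dropped by the implicit default deny. The reply half of a connection is allowed by the state table, so it never consults the OPT rules at all. This is an added example, not code from the thread or from pfSense; the subnets (192.168.1.0/24 for LAN, 192.168.2.0/24 for OPT2) and the two rule sets are constructed, and the model deliberately ignores floating rules, NAT and protocol/port matching so the source/destination point stands out.

```python
import ipaddress
from dataclasses import dataclass

# Constructed interface subnets for the simulation (not from the thread).
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),
    "OPT2 net": ipaddress.ip_network("192.168.2.0/24"),
}


@dataclass
class Rule:
    iface: str    # interface tab the rule lives on: "LAN" or "OPT2"
    action: str   # "pass" or "block"
    src: str      # "any", an interface-net alias such as "LAN net", or a CIDR
    dst: str


def addr_matches(field: str, addr: str) -> bool:
    """Match one rule field against an IP address."""
    if field == "any":
        return True
    net = NETS.get(field) or ipaddress.ip_network(field)
    return ipaddress.ip_address(addr) in net


def ingress_interface(src: str) -> str:
    """The interface a packet from `src` physically enters the firewall on."""
    for alias, net in NETS.items():
        if ipaddress.ip_address(src) in net:
            return alias.split()[0]      # "LAN net" -> "LAN"
    raise ValueError(f"{src} is not on a known interface subnet")


def evaluate(rules: list[Rule], iface: str, src: str, dst: str) -> str:
    """First matching rule on the ingress interface wins; unmatched traffic is blocked."""
    for rule in rules:
        if rule.iface != iface:
            continue                     # rules only see traffic entering their own interface
        if addr_matches(rule.src, src) and addr_matches(rule.dst, dst):
            return rule.action
    return "block"                       # implicit default deny


def new_connection(rules: list[Rule], src: str, dst: str) -> str:
    """Fate of the first packet of a connection. Only the ingress interface's
    rules are consulted; the reply is matched by the state entry, not by rules."""
    return evaluate(rules, ingress_interface(src), src, dst)


# The pattern described in the thread: LAN rule written with OPT2 as the source.
# Traffic entering on LAN is always sourced from the LAN subnet, so this never matches.
BACKWARDS_RULES = [Rule("LAN", "pass", "OPT2 net", "LAN net")]

# Corrected: source is the LAN subnet, destination is the OPT2 subnet.
CORRECT_RULES = [Rule("LAN", "pass", "LAN net", "OPT2 net")]

# An OPT2 rule with source "LAN net" can likewise never fire: packets entering
# OPT2 come from OPT2 hosts, and LAN-originated replies are handled by state.
UNREACHABLE_OPT2_RULE = [Rule("OPT2", "pass", "LAN net", "any")]


if __name__ == "__main__":
    lan_host, opt2_host = "192.168.1.10", "192.168.2.20"
    print("backwards LAN rule:", new_connection(BACKWARDS_RULES, lan_host, opt2_host))
    print("corrected LAN rule:", new_connection(CORRECT_RULES, lan_host, opt2_host))
    print("OPT2 host starting a connection under the corrected set:",
          new_connection(CORRECT_RULES, opt2_host, lan_host))
    print("OPT2 rule with source 'LAN net' seen by OPT2 traffic:",
          new_connection(UNREACHABLE_OPT2_RULE, opt2_host, lan_host))
```

Running it shows the backwards LAN rule blocking a LAN-to-OPT2 connection while the corrected rule passes it, and that a connection started from the OPT2 side is still blocked under the corrected set because OPT2 has no pass rule of its own. That last case is the useful one for least privilege: a LAN-to-OPT2 pass rule does not open OPT2-to-LAN, so each direction has to be allowed deliberately on the interface where it enters.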
