Netgate Discussion Forum

    Outgoing Rules

    Scheduled Pinned Locked Moved Firewalling
    6 Posts 4 Posters 1.7k Views
    smoothmove

      Hi all, I've recently moved from smoothie express and was wanting to be able to restrict my outgoing traffic and set up some basic outgoing rules.  Please see my uploaded screenshot for my rule details.

      When I disable the stock 'Default allow LAN to any' rule and enable my 80 and 443 traffic I cannot browse the web from my LAN… According to the tutorial (http://doc.pfsense.org/index.php/Example_basic_configuration) that is all I need to enable to browse the web and get updates. I've tried adding port 53 on there too but it makes no difference.

      It's probably something really simple that I'm overlooking. A quick pointer would be greatly appreciated!

    heper

        should work fine … check your firewall logs to see what is blocked and why.

    smoothmove

          if = LAN
          source = 192.168.1.2:40798
          destination = 192.168.1.1:53
          protocol = UDP

          There are quite a few of these with source ports in the higher random ranges. Interestingly, I disabled the default allow LAN to any rule and left both the anti-lockout and bogon rules enabled and was still able to browse the www… is this meant to happen? I'm getting confused!

    cmb

            You need a rule to allow TCP/UDP 53 for DNS. You can browse only by IP with the rules you have in place there once you disable the default LAN rule, and you can browse by DNS to any site that your client OS and browser has cached from before disabling that rule.

    smoothmove

              Thanks cmb! I had tried that shortly after posting and noticed it worked, but I'm sure I read somewhere that pfSense didn't require you to specify DNS as an outgoing rule? Maybe I'm wrong… Thanks very much though!

    podilarius

                You still have to allow DNS or any other service you are running on the LAN. The anti-lockout rule only applies to access to the management tools (in my case TCP ports 80, 443 and 22). DNS would be blocked.

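To make the thread's conclusion concrete, here is an added example (not pfSense code and not from any of the posters) that replays first-match rule evaluation over a simplified model of the rule sets discussed: the anti-lockout rule as podilarius describes it, the 80/443 rule, and cmb's DNS rule. The rule syntax, the rule names and the LAN address 192.168.1.1 as the firewall are assumptions; the logged packet is the one smoothmove quoted.

```python
# Constructed model of pfSense-style first-match rule evaluation on the LAN
# interface. This is a simplification for illustration, not pfSense's own code.
from dataclasses import dataclass
from typing import Optional, Tuple, List

FW_LAN_ADDR = "192.168.1.1"  # assumed: the firewall's "LAN address"

@dataclass(frozen=True)
class Packet:
    proto: str    # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    protos: Tuple[str, ...]     # protocols the rule matches
    dst: Optional[str]          # None means any destination
    dports: Tuple[int, ...]     # empty tuple means any destination port
    name: str                   # hypothetical rule description

def matches(rule: Rule, pkt: Packet) -> bool:
    return (pkt.proto in rule.protos
            and (rule.dst is None or pkt.dst == rule.dst)
            and (not rule.dports or pkt.dport in rule.dports))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; traffic no rule passes hits the default deny."""
    for r in rules:
        if matches(r, pkt):
            return f"{r.action} ({r.name})"
    return "block (default deny)"

# Anti-lockout covers only the management ports, as podilarius notes.
ANTI_LOCKOUT = Rule("pass", ("tcp",), FW_LAN_ADDR, (22, 80, 443), "anti-lockout")
WEB_ONLY = Rule("pass", ("tcp",), None, (80, 443), "LAN web")
DNS = Rule("pass", ("tcp", "udp"), FW_LAN_ADDR, (53,), "LAN DNS to firewall")

BEFORE = [ANTI_LOCKOUT, WEB_ONLY]        # the original poster's rule set
AFTER = [ANTI_LOCKOUT, DNS, WEB_ONLY]    # with cmb's DNS rule added

# The packet from the firewall log quoted in the thread.
LOGGED = Packet("udp", "192.168.1.2", 40798, "192.168.1.1", 53)

if __name__ == "__main__":
    print("before:", evaluate(BEFORE, LOGGED))  # block (default deny)
    print("after: ", evaluate(AFTER, LOGGED))   # pass (LAN DNS to firewall)
```

Browsing by IP (TCP 443 to an external host) passes under both rule sets, which is why cmb's "only by IP" observation holds.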
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.