Netgate Discussion Forum

    Firewall rules

    • maverick_slo

      I did, this is output…

      And other screenshot where I want to add share and FW blocks access which is absolutely correct...

      firewall2.png
      firewall.JPG

        • kathampy

        Give the rules descriptions! And isolate the log entry where port 80 is allowed.

          • maverick_slo

          I have to add log options to EVERY rule on ALL interfaces??

          Strange is, when I accessed port 80 there was no firewall entry for this port?

            • maverick_slo

            Ahhhhh ohhhh crap :)
            Found reason…

            I have HAVP antivirus package installed :)
            That explains everything now, I disabled it and rules are working OK :)

              • doktornotor Banned

              No matter how crappy the HAVP thing is… I'd still strongly recommend to clean up the rules mess, whole lot of good notes above, incl. the rules descriptions.

                • maverick_slo

                Ummm this is my home network…

                On public I have 4 rules and on lan I have 2 rules...

                What mess do I have I don't understand :)

                  • johnpoz LAYER 8 Global Moderator

                  "What mess do I have I don't understand"

                  What is supposed to be the point of the 3rd allow rule for !lan net (not lan net) in your firewall pic http://forum.pfsense.org/index.php?action=dlattach;topic=65903.0;attach=35278

                  If that is on the wan (public) interface.. Where else would the traffic be going? It would seem to allow anything to hit the wan interface since the destination would be the public (wan) interface IP.

                  If that is on your lan network.. Then none of them make any sense.

                  BTW are you natting.. You have a private IP on your wan (public) interface - so if you're just wanting to control traffic on your internal network natting would not make any sense. But this is default setup, so curious if you turned it off or not?

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                    • maverick_slo

                    LOL, read again my friend…

                    I have WAN - pppoe

                    1. LAN: 10.10.0.0/24
                    2. PUBLIC: 172.16.16.0/24

                    PUBLIC is meant to be the second lan for guests and 3rd rule allows users on 172.16.16.0/24 to access everything BUT my LAN subnet which is private to me...
                    PUBLIC is just a name I gave, maybe GUEST would be better to understand :)

                    And BTW, on pfsense rules tab, WAN is NEVER marked as PUBLIC but always as WAN 8) , see screenshot again.

                    As far as I'm concerned these rules make perfect sense, are not redundant etc...

                      • kejianshi

                      Rules make sense, but yeah - GUEST is less confusing.

                      I could label my WAN as LAN and my LAN as WAN and all would work fine but it would confuse the hell out of everyone but me.

                      Anyway - This is a language thing I think and you already seem to have figured that out.

                        • johnpoz LAYER 8 Global Moderator

                        Or how about Lan2? This makes it really clear it's a "lan" interface ;)

                        Public to me means INTERNET.. I would love to see a survey of network IT guys given the term public - is that a lan or wan type network and see what the responses are ;)

                          • maverick_slo

                          OK, I'm glad we solved it out :)

                          I even renamed the damn thing haha :)
