Netgate Discussion Forum
    Allow/Block all except some rules and how to disable firewall?

      QuEsT147

      Hi all

      I am new to pfSense, so here are two newbie questions :)

      1. On every firewall there should be a possibility to Allow or Block all traffic except some defined rules. How to achieve this in pfSense?

      2. Is it possible to disable firewall completely, for example for testing purposes? How can I do it?

      Thanks for help.

        Inderpreet

        Hi,

        I am also new to pfSense. Maybe my reply can help you a -

        By default there is a LAN rule in pfSense which allows every request from every port from every host on the network, so simply you can say the firewall is by default disabled in pfSense initially.

        To allow or block all traffic except some defined rules, you can add your rules in Firewall - Rules from the pfSense dashboard.

          kpa

          No, the firewall is not disabled by default. It is on, but the default rules allow all incoming traffic on the LAN interface and allow all outgoing traffic on any interface. Incoming traffic on interfaces other than LAN is blocked by default. The default rules are crafted so that you have internet access from LAN hosts without changing anything in the firewall but still provide protection from attacks from outside.

          If you want to change this default behaviour to let's say block all by default and allow only selected LAN hosts/protocols/ports to connect, you'll have to change the firewall rules on the LAN interface and disable or delete the default pass all rule(s) and add your own rules.

            dotdash

            To get back to the original question:

            1. The firewall is default deny. You need to adjust the rules to suit. Default configuration is machines on the LAN are allowed out and inbound traffic is denied. Go to firewall, rules to adjust.
            2. This can be done by going to advanced, firewall/nat. As it says, it also disables NAT.
              Cmellons

              This is all you need to get started.

              https://doc.pfsense.org/index.php/Example_basic_configuration

              Also to disable the firewall completely if you should happen to get locked out because of a bad firewall rule just type pfctl -d in the console. It re-enables itself so there's no need to type pfctl -e after making the necessary changes.

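A simplified model of the behaviour kpa and dotdash describe above, as an added example that is not part of any post and is not pfSense code: rules on an interface are checked top to bottom, the first match decides, and traffic matching no rule is denied. The LAN subnet 192.168.1.0/24, the host addresses and both rule sets are constructed for illustration; destination addresses are left out to keep the model small.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    src: str               # source network, CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None means any
    descr: str

def evaluate(rules, src, proto, dport):
    """First matching rule decides; no match falls through to default deny."""
    for r in rules:
        if ip_address(src) not in ip_network(r.src):
            continue
        if r.proto not in ("any", proto):
            continue
        if r.dport not in (None, dport):
            continue
        return r.action, r.descr
    return "block", "implicit default deny"

# Constructed rule sets for a LAN of 192.168.1.0/24 (not taken from the thread).
DEFAULT_LAN = [Rule("pass", "192.168.1.0/24", "any", None, "default allow LAN to any")]
RESTRICTED_LAN = [
    Rule("pass", "192.168.1.0/24", "udp", 53, "DNS for all LAN hosts"),
    Rule("pass", "192.168.1.10/32", "tcp", 443, "HTTPS for one selected host"),
]

# Constructed sample traffic: (source, protocol, destination port).
SAMPLE = [
    ("192.168.1.10", "tcp", 443),
    ("192.168.1.50", "tcp", 443),
    ("192.168.1.50", "udp", 53),
    ("192.168.1.10", "tcp", 22),
]

def compare():
    """Verdict of each sample packet under both rule sets."""
    return [(p, evaluate(DEFAULT_LAN, *p)[0], evaluate(RESTRICTED_LAN, *p)[0])
            for p in SAMPLE]

if __name__ == "__main__":
    for pkt, default, restricted in compare():
        print(pkt, "default:", default, "restricted:", restricted)
```

With the default pass rule removed, only the traffic named in the replacement rules gets through; everything else is dropped without needing an explicit block rule.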
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.