RULES: Allow http/https traffic and block everything else
-
Hello!
I recently installed pfsense in a Dual Core 2GB RAM PC.
I need to allow HTTP and HTTPS traffic, and block all other ports to prevent p2p, streaming, etc.
I followed these instructions:
http://pfsensesetup.com/egress-filtering-with-pfsense/
It seems pretty simple, but the thing is that when I disable the "Default allow LAN to any" it blocks everything, I mean all the ports EVEN http and https.
Is there anything wrong I am doing here??
I'd really appreciate any help.
Thanks in advance.
Regards.
-
Firewall rules are processed top-down until first match is found. With the LAN to Any rule disabled, it should go to the next rule in your list. Can you provide a shot of your rules list?
-
KOM, thanks for the quick response!
I am not in front of the PC right now.
But I have only two rules enabled, the one for http and the one for https (at the top). At the bottom is the "default lan to any" rule in DISABLED state (grey).
Regards!
-
You might also need to add a rule for DNS (udp/tcp port 53).
-
Hum… DNS, sounds logical since I am not using pfSense as DNS Server.
I will try this, and I'll let you know! Thanks in advance!
Regards!
-
Hum… DNS, sounds logical since I am not using pfSense as DNS Server.
Even if you did use pfSense as the local DNS server/forwarder, I think you still would need a rule that allows DNS traffic towards pfSense.
-
You are right vindenesen, I was just reading this:
https://doc.pfsense.org/index.php/Example_basic_configuration
it seems I had to add that rule even if I use the primary router as DNS server.
I'll let you know.
Regards!
-
It works perfectly!
Http and https access is ok now. I checked p2p, and it doesn't work, so the rules are working.
Now I am on streaming filtering.
I'll open another thread for this. Thank you very much for your help!
Regards!
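
The behaviour worked out in this thread, as an added example that is not part of the original posts and is not pfSense code: a small first-match evaluator showing why a LAN ruleset with only HTTP and HTTPS pass rules still breaks browsing until DNS is allowed. The `Rule` class, the function names and the sample port 6881 are constructed for illustration, and the evaluator models only protocol and destination port.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str                        # "pass" or "block"
    protos: Optional[Tuple[str, ...]]  # None means any protocol
    dport: Optional[int]               # None means any destination port
    enabled: bool = True

def evaluate(rules, proto, dport):
    """Top-down, first enabled match wins; no match falls to the implicit deny."""
    for r in rules:
        if not r.enabled:
            continue  # a greyed-out (disabled) rule is skipped entirely
        if (r.protos is None or proto in r.protos) and \
           (r.dport is None or r.dport == dport):
            return r.action
    return "block"

def can_browse(rules, web_port):
    """A browser must resolve the host name (UDP 53) before the TCP connect."""
    dns_ok = evaluate(rules, "udp", 53) == "pass"
    web_ok = evaluate(rules, "tcp", web_port) == "pass"
    return dns_ok and web_ok

# Ruleset from the first posts: HTTP and HTTPS at the top,
# "Default allow LAN to any" at the bottom in DISABLED state.
ORIGINAL = [
    Rule("pass", ("tcp",), 80),
    Rule("pass", ("tcp",), 443),
    Rule("pass", None, None, enabled=False),
]

# Ruleset after the fix suggested in the thread: DNS on udp/tcp port 53.
FIXED = [Rule("pass", ("tcp", "udp"), 53)] + ORIGINAL

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name,
              "| dns:", evaluate(rules, "udp", 53),
              "| https:", evaluate(rules, "tcp", 443),
              "| tcp/6881 (constructed non-web port):", evaluate(rules, "tcp", 6881),
              "| browsing works:", can_browse(rules, 443))
```
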