Netgate Discussion Forum

    Blocks any traffic in the FORWARD chain

    NAT
    12 Posts 5 Posters 2.2k Views
      muswellhillbilly

      By default PFS drops all traffic from the WAN side and allows all traffic from the LAN side. You don't say from where or how you want to drop packets, so I assume this is how you need it to be. Otherwise, you can remove the Default LAN -> any rule and put your own custom rules in place if that's what you mean.

        n.vakili

        thanks dear

        It means traffic that comes from my (V)LANs and is not destined for the router (pfSense) itself will NOT be forwarded

        • traffic that comes from outside networks and is destined for machines on your (V)LANs will NOT be forwarded (even when NATting)
        • to 'get through' the router now, users have to enable the proxy settings in their OS / browsers (default port 3128)
          cmb

          There are no concepts of chains in pf. Just configure your firewall rules accordingly to allow traffic to the proxy and block everything else.

            n.vakili

            thanks

            How can I do this, to allow traffic to the proxy and block everything else?

            Can you please give me a tutorial?

              KOM

              Just add a rule above your Allow All rule on your LAN and VLANs that blocks access to ports 80/443.  You can either use two rules (one for each port), or create a port alias for 80 & 443 then create one rule that blocks access to that alias as the destination port.

                n.vakili

                thanks dear

                Can you send me a screenshot or a complete tutorial, because I am not very familiar with pfSense?

                thanks

                  Derelict LAYER 8 Netgate

                  SMH dear

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    n.vakili

                    'iptables -P FORWARD DROP'

                    I want to disable the FORWARD chain in pfSense

                    thanks

                      muswellhillbilly

                      Here you go, darling:
                      https://doc.pfsense.org/index.php/Example_basic_configuration

                        KOM

                        Everyone: The use of terms of endearment is common with speakers from the Middle East. While they may appear out of place to us in a technical discussion, please don't mock them for it.

                        N.Vakili: See the diagram where I have created an alias called Web_Ports that holds 80 & 443.  The rule is placed above the Default allow LAN to any rule.  The effect of this rule is to block all access to the standard web ports.

                        [Attached image: LANRule.png]
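Added example, not part of the original thread and not pfSense code: a small model of top-down, first-match rule evaluation on the LAN interface, comparing the Web_Ports block rule described above with a stricter proxy-only rule set that is closer to what `iptables -P FORWARD DROP` achieves. The firewall address 192.168.1.1, the sample destinations and the `Rule`/`evaluate` names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address

FIREWALL = ip_address("192.168.1.1")   # assumed LAN address of the firewall
WEB_PORTS = frozenset({80, 443})       # the Web_Ports alias from the post
PROXY_PORT = 3128                      # proxy port mentioned in the thread

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    dst: object = None           # None = any destination, else one address
    ports: frozenset = None      # None = any destination port

    def matches(self, dst_ip, dst_port):
        if self.dst is not None and ip_address(dst_ip) != self.dst:
            return False
        return self.ports is None or dst_port in self.ports

def evaluate(rules, dst_ip, dst_port):
    """First matching rule wins; no match falls through to the default deny."""
    for rule in rules:
        if rule.matches(dst_ip, dst_port):
            return rule.action
    return "block"

# Rule order from the post: block Web_Ports, then the default allow LAN to any.
WEB_BLOCK_ONLY = [Rule("block", ports=WEB_PORTS), Rule("pass")]

# Stricter variant: only the proxy on the firewall is reachable from the LAN.
PROXY_ONLY = [
    Rule("pass", dst=FIREWALL, ports=frozenset({PROXY_PORT})),
    Rule("block"),
]

# Constructed sample connections from a LAN client: (destination, port).
SAMPLES = [
    ("192.168.1.1", 3128),   # proxy on the firewall
    ("203.0.113.10", 443),   # direct HTTPS to an outside host
    ("203.0.113.10", 22),    # direct SSH to an outside host
    ("192.168.1.1", 53),     # DNS served by the firewall
]

def compare():
    """Return (dst, port, verdict under WEB_BLOCK_ONLY, verdict under PROXY_ONLY)."""
    return [(d, p, evaluate(WEB_BLOCK_ONLY, d, p), evaluate(PROXY_ONLY, d, p))
            for d, p in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The comparison shows that blocking only ports 80 and 443 still lets other protocols, such as the SSH sample, pass straight through the firewall, while the proxy-only rule set also cuts off DNS from clients, so name resolution then has to be done by the proxy.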

                          muswellhillbilly

                          @KOM:

                          Everyone: The use of terms of endearment is common with speakers from the Middle East. While they may appear out of place to us in a technical discussion, please don't mock them for it.

                          Noted. Though in truth I thought this was more a Google-translate error and was really gently mocking what I thought was a technical mishap on their part.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.