Pf "skip" rules - where is this in the GUI?
-
Hello!
Where in pfSense can I use PF "skip" rules for the GIF (tunnel) interface?
Greetz
sensemann
-
Are you talking about skipping rules when the gateway is down? What interface is your gif assigned to, and is it being used as a gateway, like in an HE tunnel?
That setting is in
System / Advanced / Miscellaneous
Skip rules when gateway is down
Do not create rules when gateway is down
By default, when a rule has a gateway specified and this gateway is down, the rule is created omitting the gateway. This option overrides that behavior by omitting the entire rule instead.
-
Hi,
no, I mean the "set skip on gif0" option,
set skip on interface
Skip all PF processing on interface. This can be useful on loopback interfaces where filtering, normalization, queueing, etc, are not required. This option can be used multiple times. By default, this option is not set.
from: https://www.openbsd.org/faq/pf/options.html
-
I don't see that option on any interface in pfsense gui..
I don't think that option is available in pfsense? I don't see it used behind the scenes with a pfctl -sa either.
-
Mh, curious. :-\
Wouldn't it be a good thing to do a "set skip on gif0"
... and then filter the packets on the related LAN/… interfaces?
-
No. You always want to filter on the interface the traffic enters.
You can't manage traffic entering GIF on the LAN tab, a floating rule outbound on LAN maybe, but why would you want to let traffic enter the firewall before blocking it? Block it at the GIF interface. You do have to assign the GIF interface first so it gets its own firewall tab, if you haven't already.
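
As an added example (not part of any post in this thread and not pfSense code), this Python sketch audits a PF ruleset for the `set skip on` option quoted above and reports any non-loopback interface that bypasses filtering. The function names, the constructed sample ruleset and the "lo" loopback prefix are assumptions made for illustration.

```python
import re

# Constructed sample ruleset, not taken from any real firewall.
SAMPLE_RULESET = '''
tun_if = "gif0"
set skip on lo0            # loopback: nothing to filter
set skip on { $tun_if, gre0 }
block in log on em0 all
pass in on em1 inet proto tcp to port 443  # set skip on em1 (comment only)
'''

MACRO_RE = re.compile(r'^\s*([A-Za-z_]\w*)\s*=\s*"([^"]*)"\s*$')
SKIP_RE = re.compile(r'^\s*set\s+skip\s+on\s+(.+)$')


def skipped_interfaces(ruleset):
    """Return interface names listed in 'set skip on' statements, in order."""
    macros, found = {}, []
    for raw in ruleset.splitlines():
        line = raw.split('#', 1)[0].rstrip()   # drop trailing comments
        m = MACRO_RE.match(line)
        if m:                                  # remember simple macros
            macros[m.group(1)] = m.group(2)
            continue
        m = SKIP_RE.match(line)
        if not m:
            continue
        # Expand $macros, then split "{ a, b }" or a bare name into names.
        spec = re.sub(r'\$(\w+)',
                      lambda r: macros.get(r.group(1), r.group(0)),
                      m.group(1))
        for name in re.split(r'[\s,{}]+', spec):
            if name and name not in found:
                found.append(name)
    return found


def unfiltered_non_loopback(ruleset, loopback_prefixes=('lo',)):
    """Interfaces that bypass PF entirely and are not loopback."""
    return [i for i in skipped_interfaces(ruleset)
            if not i.startswith(loopback_prefixes)]


if __name__ == '__main__':
    for ifname in unfiltered_non_loopback(SAMPLE_RULESET):
        print(f'WARNING: all PF processing is skipped on {ifname}')
```

A negated entry such as `!lo0` is reported as well, since it does not name a loopback interface.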