Inside out - egress filtering
-
Hi there, is there a package that makes it easier to control the outgress traffic? pfSense is a great firewall, no mistake about it, but as the number of IOT apparatus grows, I would like to control "anything" that goes out and establishes a connection.
By default the LAN can go everywhere, but this is, concerning the above, not a good thing. Egress filtering is an administrative burden, well, to me it is 8) and as I am lazy, I like to automate everything. Thanks for all your thoughts and comments!
Cheers Qinn
-
Put your IOT equipment on its own subnet and do the following on the IOT interface:-
1st rule allow IOT net to this firewall DHCP, NTP, etc …
2nd rule block IOT net to LAN net
3rd rule allow IOT net to any
-
> Put your IOT equipment on its own subnet and do the following on the IOT interface:-
> 1st rule allow IOT net to this firewall DHCP, NTP, etc …
> 2nd rule block IOT net to LAN net
> 3rd rule allow IOT net to any

Thanks for your advice, but here that was already the case, all IOT devices are in a different subnet and are rejected when trying to access any other subnet. Only a few selected subnets can reach this IOT subnet through a NAT rule.
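
The three-rule order from the reply above, modelled as a first-match evaluator the way pfSense processes interface rules top-down (an added example, not part of the thread; the subnets, addresses and sample flows are constructed assumptions). It shows that the LAN block only takes effect because it sits above the final allow, and that the final allow still passes every internet-bound connection from the IOT net.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not taken from the thread).
IOT_NET = ip_network("192.168.30.0/24")
LAN_NET = ip_network("192.168.1.0/24")
FIREWALL = ip_network("192.168.30.1/32")  # firewall address on the IOT interface
ANY = ip_network("0.0.0.0/0")

# (action, source, destination, protocol or None, dst ports or None), top-down.
IOT_RULES = [
    ("pass",  IOT_NET, FIREWALL, "udp", {67, 123}),  # 1st: DHCP, NTP to this firewall
    ("block", IOT_NET, LAN_NET,  None,  None),       # 2nd: IOT net to LAN net
    ("pass",  IOT_NET, ANY,      None,  None),       # 3rd: IOT net to any
]


def evaluate(rules, src, dst, proto, dport):
    """Return (action, rule_number) of the first matching rule."""
    s, d = ip_address(src), ip_address(dst)
    for n, (action, rsrc, rdst, rproto, rports) in enumerate(rules, 1):
        if (s in rsrc and d in rdst
                and rproto in (None, proto)
                and (rports is None or dport in rports)):
            return action, n
    return "block", 0  # nothing matched: implicit default deny


def swapped(rules):
    """Same rules with the 2nd and 3rd exchanged, to show why order matters."""
    return [rules[0], rules[2], rules[1]]


if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("192.168.30.50", "192.168.30.1", "udp", 123),   # NTP to the firewall
        ("192.168.30.50", "192.168.1.10", "tcp", 445),   # IOT device to a LAN host
        ("192.168.30.50", "203.0.113.7", "tcp", 8883),   # IOT device to the internet
    ]
    for f in flows:
        print(f, "->", evaluate(IOT_RULES, *f),
              "| 2nd/3rd swapped:", evaluate(swapped(IOT_RULES), *f))
```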