How do I allow traffic from the firewall itself out to the Internet?
-
I had it before, but I lost my ruleset. The main network mostly hosts servers; only rules from the outside in are needed.
This is my ruleset:
The minute I replace the old source:any rule with the source-scoped rule, all sorts of stuff happens; I'm not sure what, but the whole network gets incredibly slow, as if it were resolving DNS or something. The DNS server is alone on a DMZ, BTW; it has the opposite set of rules from the main network, only out to the Internet.
I'm using several services on the firewall; I guess those are being blocked without an explicit rule allowing the firewall to connect. I don't know whether to use its IP address as the source or the loopback address block, and since the network isn't completely I wouldn't know how to be 100% sure whether any rule I create is working, whether I forgot to kill states, whether it didn't take, or something else! Should I just create a REJECT rule and invert the source instead?
Even traffic from the firewall GUI, when accessing it from other VLANs, gets, umm... "droppy" when I switch one rule for another. Thanks!
-
After a while, the drops have mostly ceased. I guess I just needed to let it settle down. :)
It might even have turned out better than before, because now the ruleset is fully aliased, even for the predefined ports; changing massive quantities of rules now requires changing an alias--so, so cool. <3
Why do the emojis get transformed into some lumpy figures? 🤨 They're odd... like they melted in a horror movie for kids or something.