Question on one of my rules (or more)
-
For that one rule the LAN -> LAN pass.
Is there ANY, not just usual, but any (if the only situation would be LAN->This Firewall, I want to change it to that.) Other than that, is there anything else that should be changed or simplified?
The "Local_Networks" alias in the "LAN -> Local_Networks" is an alias containing the subnets for all interfaces I have, so I can put a block above the allow any rule and then just pass the inter-interface traffic I want. (Such as letting the printer communicate with the guest network)
(And the LAN_DHCP -> * block is to block people who pull a DHCP address from getting online if they fall in the DHCP range rather than the static leases I assigned, as a quick way to find people who plug into the wrong network. This is a home network, so I just smack people upside the head when they do this if I get the "I can't get online" bit)
-
What rare event do you anticipate that involves traffic for LAN net being routed to your LAN interface?
-
Something from LAN to Firewall (other than the ports in anti-lockout) or LAN to Virtual IP on firewall.
(More specifically that second one as I don't know if the "This Firewall" option would cover that.)
-
Yes. A better way to do what you want without source LAN net dest LAN net would be source LAN net dest LAN address.
But on 2.2+ This Firewall is the way to go.
-
I'll change it to "This Firewall" over the weekend and then I'll do a test with the virtual IP case to see if pfSense handles that or if it's covered by the switching layer.