Is my current firewall config insecure?
-
Hi,
Under Firewall/Rules/WAN I have the following config:
IPv4, source=* port=, destination=LAN net, port=
Is this a dangerous/insecure configuration?
If I understand correctly this means pfSense will forward any traffic received on interface WAN destined for my LAN network, with any destination port.
Does this open my network to external attacks?
Previously I have configured a Debian machine as a router. I am no expert, but I remember having some setting which only permitted established connections to pass? (aka: connections initiated by computers on my LAN network.)
By the way outgoing traffic on WAN is set to NAT.
-
yep, your intuition is accurate - this would not be an ideal configuration. by default no rules on the wan interface pfsense will block all incoming traffic. this is pretty secure. i usually put a drop all anyway on the way - makes me feel better.
-
Ok, thanks for the info! I've fixed it. Don't remember why those rules were there. I may have put them by accident.
Presumably pfSense automatically tracks states, such that outgoing connections can accept a reply from the outside world.
(Well, it must do, or it wouldn't work, right?)
-
@hypernova said in Is my current firewall config insecure?:
automatically tracks states, such tha
yep... its statefull - so it will allow reply traffic without specific allow on the wan side. your safe now. ;)