@m0nji said in Whitelist-Ansatz für Windows- und Programmebene: Allen nicht explizit legitimierten (ausgehenden) Datenverkehr unterbinden: @jegr said in Whitelist-Ansatz für Windows- und Programmebene: Allen nicht explizit legitimierten (ausgehenden) Datenverkehr unterbinden: Snort+OpenAppID Application Filtering on pfSense ist vollkommen an mir vorbei gegangen. Danke für die Richtigstellung. Kein Problem, gerne. Steht leider noch auf meinem ToDo Zettel zum Testen aber leider dank Krankheit und Arbeit noch nicht dazu gekommen ;)

Yeah looks like your whited out a huge amount of rules? Also even the rules can see make no sense You have an any rule that says hey DMZ net if your NOT going to lan net your allowed. Well below that a rule that says blocking going to 192.168.2/24 which is Dev Net? Why would that not be allowed in the dmz to NOT lan net rule? Do you have downstream networks other than dmz net connected... And then below another rules that says block dev net, is that not 192.168.2/24 that you already blocked above, etc. Please do not hide rules if you want help.. Its very simple. Rules are evaluated top down as traffic enters an interface. If a rule matches it wins and no other rules are evaluated. So run through your rules from the top. To see if traffic should be allowed or blocked. If you have a rule that blocks before an allow - and your still seeing allowed traffic then you prob have to clear a state from before you created that rule. As to that rule on top blocking - if this firewall then it should. But don't know about his states, nor what he has in the alias.