Pf "skip" rules - where is this in the GUI?



  • Hello!

    Where can I use PF "skip" rules in pfSense, for the GIF (tunnel) interface?

    Greetz
    sensemann


  • LAYER 8 Global Moderator

    Are you talking about the skip rule when gateway is down? Your gif is assigned to what interface, and is it being used as a gateway? Like in an HE tunnel?

    That setting is in
    System / Advanced / Miscellaneous

    Skip rules when gateway is down
    Do not create rules when gateway is down
    By default, when a rule has a gateway specified and this gateway is down, the rule is created omitting the gateway. This option overrides that behavior by omitting the entire rule instead.



  • Hi,

    no, I mean the "set skip on gif0" option,

    set skip on interface
        Skip all PF processing on interface. This can be useful on loopback interfaces where filtering, normalization, queueing, etc, are not required. This option can be used multiple times. By default, this option is not set.

    from: https://www.openbsd.org/faq/pf/options.html


  • LAYER 8 Global Moderator

    I don't see that option on any interface in the pfSense GUI.

    I don't think that option is available in pfSense? I don't see it used behind the scenes with a pfctl -sa either.



  • Mh, curious. :-\

    Wouldn't it be a good thing to do a "set skip on gif0"
    .. and then filter the packets on the related LAN/… interfaces?


  • Rebel Alliance Developer Netgate

    No. You always want to filter on the interface the traffic enters.

    You can't manage traffic entering GIF on the LAN tab, a floating rule outbound on LAN maybe, but why would you want to let traffic enter the firewall before blocking it? Block it at the GIF interface. You do have to assign the GIF interface first so it gets its own firewall tab, if you haven't already.
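
An audit for the situation discussed in this thread, as an added example that is not from any poster or from pfSense itself: it reads a ruleset in pf.conf syntax, lists non-loopback interfaces exempted with `set skip on`, and shows the rules on those interfaces that pf would never evaluate. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Audit a pf ruleset (pf.conf syntax, read from stdin) for "set skip on".
# Function names and the sample ruleset are constructed for this example.

# Print every interface named in a "set skip on ..." line, one per line.
# Handles comments and the brace-list form: set skip on { lo0, gif0 }
skip_ifaces() {
    awk '{ sub(/#.*/, ""); gsub(/[{},]/, " ") }
         $1 == "set" && $2 == "skip" && $3 == "on" {
             for (i = 4; i <= NF; i++) print $i
         }'
}

# Skipped interfaces that are not loopback: traffic on these bypasses
# filtering, normalization and queueing entirely.
unfiltered_ifaces() {
    skip_ifaces | grep -Ev '^lo[0-9]*$' || true
}

# Rules that name a skipped interface. pf never evaluates them for
# packets on that interface, so they give a false sense of coverage.
dead_rules() {
    rules=$(cat)
    for ifc in $(printf '%s\n' "$rules" | unfiltered_ifaces); do
        printf '%s\n' "$rules" |
            grep -E "^(pass|block|match)( .*)? on $ifc( |\$)" || true
    done
}

# Constructed sample ruleset.
SAMPLE_RULES='set skip on lo0
set skip on { gif0, enc0 }   # tunnel interfaces exempted
block in log on gif0 all
pass in on gif0 inet6 proto tcp to port 443
pass out on em1 inet6 proto tcp to port 443'

echo "Unfiltered (skipped, non-loopback) interfaces:"
printf '%s\n' "$SAMPLE_RULES" | unfiltered_ifaces
echo "Rules that will never be evaluated:"
printf '%s\n' "$SAMPLE_RULES" | dead_rules
```

On the sample input both `gif0` rules are reported as dead, while the `em1` rule is still evaluated.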

