Connection State, Where
-
Does the pfSense firewall have connection state? If so, where do I configure it? Or, what's the methodology for setting up connection state in pfSense?
-
You are going to have to be a lot more clear about what you are asking.
Diagnostics > States
System > Advanced, Firewall & NAT
Firewall > Rules
pfSense uses the mighty pf.
-
Thanks, Derelict, for responding… To be clear, I would like a firewall rule on WAN to accept new connections, established connections, and related connections, then drop other connections. How do I do that? I just checked Diagnostics > States... it wasn't what I was expecting... just a simple filter established.
-
Still no clue what you're asking for.
-
PfSense already does all of that for you out of the box.
-
Well, I am new to pfSense and coming from Mikrotik, which had three connection state buttons (new, established, and related) both on the input stage (WAN) and the forward stage (LAN) to speed up the router processing. It works in conjunction with caching services. It appears that KPA knows what I am speaking of below.
What do the States that you mentioned earlier (Diagnostics > States) do?
-
@kpa:
PfSense already does all of that for you out of the box.
So, I take it that it's built-in and no need to configure…correct?
-
Yes. Every new connection that is matched by a rule creates a new state and all traffic is matched against existing states to see if it's part of an existing state. This is the stateful packet inspection:
https://en.wikipedia.org/wiki/Stateful_firewall
"Keeping state" part here:
https://www.openbsd.org/faq/pf/filter.html
(OpenBSD documentation but still applies to pfSense for most parts)
-
Thank you KPA for the link to excellent reading materials.
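-
The mechanism kpa describes above, as an added example that is not part of the original thread and is not pf's own code: a small Python model of a state table in which only the first packet of a connection is checked against the rules, and everything else is matched against existing states. The rule set, addresses and names (`PASS_RULES`, `StatefulFilter`) are constructed for illustration.

```python
# Simplified model of stateful filtering (illustrative only; not pf's implementation).
from typing import NamedTuple

class Packet(NamedTuple):
    iface: str          # interface the packet arrives on
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for the first packet of a TCP connection

# Constructed ruleset: (interface, destination port) pairs allowed to OPEN a connection.
# Anything not listed is blocked, mirroring a default-deny policy.
PASS_RULES = {("lan", 443), ("lan", 53), ("wan", 22)}

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()   # the table a "States" view would list

    @staticmethod
    def _key(p):
        # Direction-independent key, so replies match the state of the original flow.
        return frozenset([(p.src, p.sport), (p.dst, p.dport)])

    def handle(self, p):
        # 1. Packets belonging to a known connection skip rule evaluation entirely.
        if self._key(p) in self.states:
            return "pass (existing state)"
        # 2. Only a connection-opening packet may create a state, and only via a rule.
        if p.syn and (p.iface, p.dport) in self.rules:
            self.states.add(self._key(p))
            return "pass (rule matched, state created)"
        # 3. No state and no matching rule: drop.
        return "block"

def demo():
    fw = StatefulFilter(PASS_RULES)
    out = Packet("lan", "192.168.1.10", 50000, "203.0.113.5", 443, syn=True)
    reply = Packet("wan", "203.0.113.5", 443, "192.168.1.10", 50000)
    stray = Packet("wan", "198.51.100.7", 443, "192.168.1.10", 50001)
    probe = Packet("wan", "198.51.100.7", 40000, "192.168.1.10", 3389, syn=True)
    return [fw.handle(p) for p in (out, reply, stray, probe)]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The reply from the web server is passed on WAN without any WAN rule because it matches the state created by the outbound LAN connection, while the unsolicited packets have no state and no rule and are blocked.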