General - Rule Order



  • I was wondering what the best rule order would be.

    pfSense Pass/Match | pfBPass/Match      | pfBBlock/Reject      | pfSense Block/Reject
    pfBPass/Match      | pfSense Pass/Match | pfBBlock/Reject      | pfSense Block/Reject
    pfBPass/Match      | pfBBlock/Reject    | pfSense Pass/Match  | pfSense Block/Reject
    pfBPass/Match      | pfBBlock/Reject    | pfSense Block/Reject | pfSense Pass/Match

    I would like to use:

    pfBPass/Match      | pfBBlock/Reject    | pfSense Pass/Match  | pfSense Block/Reject

    However, my concern in using this is the possibility of accidentally locking myself out of the server. I
    have the Firewall / Rules / LAN - Anti-Lockout Rule in place, but what I want to use seems to put that rule in
    danger. Should I put some kind of Anti-Lockout Rule somewhere in pfBPass/Match also?

    Thanks


  • Moderator

    You can try to use the "Adv. In/out" rule settings to create a pfB rule. The customlist at the bottom of the alias settings can be used to add IPs. Enter "0.0.0.0/0" for "any".

    Alternatively, use "Alias type" rules and configure the pfB rules as required.

