Question: Moving from Cisco PIX to pfSense
mikelarry last edited by
I'm going to replace a Cisco PIX 515E firewall (3-interface) with pfSense (3-interface) and have a question relating to firewall rules in pfSense.
The PIX right now has a few rules to allow/deny the IP protocol (not TCP, UDP, or ANY protocol). When I create rules under pfSense, the only rules listed are (TCP, UDP, TCP/UDP, etc.) - there is no IP protocol.
Is the TCP/UDP selection under pfSense equivalent to the IP protocol under the PIX, or would I have to add separate/additional rules to allow or deny TCP/UDP, ICMP, routing protocols, etc.?
I know the IP (layer 3) protocol is below TCP and UDP (layer 4) in the OSI layer stack and includes ICMP and routing protocols.
Thanks in advance!
GruensFroeschli last edited by
I think "any" is what you want.
If you specify TCP or UDP you don't do much else than ignore packets which have a different protocol number in the bits 72-80 of the IP header.
Yes, unless you use an "any" rule you have to specify a rule for each protocol.
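Added example, not part of the original thread and not pfSense code: a simplified model of how a rule's protocol selection is compared against the protocol byte of the IPv4 header, showing which traffic a "TCP/UDP" rule leaves to the default deny compared with an "any" rule. The rule model (protocol only, first match wins, implicit block), the function names, and the sample addresses are assumptions made for illustration.

```python
import socket
import struct

# IANA protocol numbers as carried in the IPv4 header's protocol field.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "ospf": 89}

# Protocol numbers matched by each rule selection in this model.
# "any" (None) plays the role of a PIX "ip" rule: no protocol filtering.
SELECTOR = {"tcp": {6}, "udp": {17}, "tcp/udp": {6, 17}, "icmp": {1}, "any": None}


def ipv4_header(proto, src="192.0.2.10", dst="198.51.100.20"):
    """Build a constructed 20-byte IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def protocol_of(header):
    """Return the protocol number, the single byte at offset 9."""
    return header[9]


def evaluate(rules, header):
    """First matching rule decides; no match falls to the implicit block."""
    proto = protocol_of(header)
    for action, selection in rules:
        matched = SELECTOR[selection]
        if matched is None or proto in matched:
            return action
    return "block"


def decisions(rules):
    """Evaluate one constructed packet per protocol against the rule list."""
    return {name: evaluate(rules, ipv4_header(num)) for name, num in PROTO.items()}


if __name__ == "__main__":
    print("tcp/udp rule:", decisions([("pass", "tcp/udp")]))
    print("any rule:    ", decisions([("pass", "any")]))
```
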