Need recommendation on firewall rule setup

  • Hi,
    I am new to firewall setup… looking for recommended firewall rules for the following network setup.

    WAN (connected to internet with dynamic IP from ISP)
    LAN Interface (192.168.10.x)

    I want to prevent any unwanted inbound traffic to my network. I also want to protect a server and network storage so that they can be accessed only from inside the LAN by specific IPs/MACs, with no access from the internet.

    What sort of firewall rules should I configure, or do I have to add other interfaces as best practice?

  • You can forget about anything inside the LAN, as it won't pass through pfSense. Also, MAC filtering on inbound traffic is useless, even if it was supported, as MAC addresses don't make it through routers.

  • LAYER 8 Global Moderator

    Out of the box, pfSense does not allow any unsolicited inbound, so nothing to do there.

    But JKnott is correct: devices on the same network do not talk to pfSense to talk to other devices on the same network, other than maybe a DNS lookup of the name. If you want to leverage pfSense to control access between devices on your network, you would have to put them on 2 different subnets/VLANs where pfSense controls the access between them.

    The other option would be a firewall running on the specific device to prevent others in its same network from talking to it.
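
The point made in the replies above, as an added example that is not part of the original thread and is not pfSense code: a simplified Python model showing which flows the firewall can filter on the flat 192.168.10.x LAN versus after the server and storage move to their own subnet. The SERVERS subnet 192.168.20.0/24, all host addresses and the rule list are assumptions made for illustration.

```python
# Added example: a simplified model of routed vs. switched traffic, not pfSense code.
# It ignores state tracking (replies to allowed connections) and ports.
from ipaddress import ip_address, ip_network

def segment_of(ip, segments):
    """Name of the firewall interface whose subnet contains ip, else 'WAN'."""
    addr = ip_address(ip)
    for name, net in segments.items():
        if addr in ip_network(net):
            return name
    return "WAN"

def verdict(src, dst, segments, rules):
    """Classify a new connection: 'bypasses-firewall', 'pass' or 'block'."""
    s, d = segment_of(src, segments), segment_of(dst, segments)
    if s == d and s != "WAN":
        return "bypasses-firewall"   # same subnet: switched, never reaches the router
    # Routed traffic: rules on the interface it enters, first match wins.
    for action, rule_src, rule_dst in rules.get(s, []):
        if ip_address(src) in ip_network(rule_src) and ip_address(dst) in ip_network(rule_dst):
            return action
    return "block"                   # nothing matched: default deny

FLAT = {"LAN": "192.168.10.0/24"}                                  # setup from the question
SPLIT = {"LAN": "192.168.10.0/24", "SERVERS": "192.168.20.0/24"}   # assumed new subnet
RULES = {  # constructed rule list, (action, source, destination)
    "LAN": [
        ("pass", "192.168.10.20/32", "192.168.20.5/32"),   # the one permitted client
        ("block", "192.168.10.0/24", "192.168.20.0/24"),   # rest of LAN to servers
        ("pass", "192.168.10.0/24", "0.0.0.0/0"),          # LAN out to the internet
    ],
    "WAN": [],  # no pass rules, so unsolicited inbound is dropped
}

def demo():
    """Verdicts for constructed flows, before and after the split."""
    return {
        "flat: client -> NAS": verdict("192.168.10.50", "192.168.10.5", FLAT, RULES),
        "split: allowed client -> NAS": verdict("192.168.10.20", "192.168.20.5", SPLIT, RULES),
        "split: other client -> NAS": verdict("192.168.10.50", "192.168.20.5", SPLIT, RULES),
        "split: internet -> NAS": verdict("203.0.113.7", "192.168.20.5", SPLIT, RULES),
        "split: client -> internet": verdict("192.168.10.50", "198.51.100.1", SPLIT, RULES),
    }

if __name__ == "__main__":
    for flow, result in demo().items():
        print(f"{flow}: {result}")
```

The block rule has to sit above the general LAN pass rule; with first-match evaluation the reverse order would let every LAN client reach the server subnet.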
