Rather than using any how do you refer to the "internet"?
yea last edited by
Say you have rules saying LAN Net can access anywhere on any port.
(I don't have that)
How/Can you on pfsense do you refer to the internet? (WAN Net? Wan IP? The firewall (self)?
dotdash last edited by
What's in a name? That which we call internet
By any other name would smell as sour
Wan net/Wan IP/self do not do what you want.
Use any, and block networks you specifically want blocked.
yea last edited by
Profound, but very helpful. Thank you :)
Harvy66 last edited by
Even "WAN" doesn't always mean "Internet". An "Internet" port only works in very simple cases.
The internet is really anything.. so yeah any is correct. If you want to limit that you could use say an alias that contains networks you don't want it to go to and then use a NOT or inverse rule (!) to say hey if your not going here - then ok..
But if you want to allow access to the internet, but not specific stuff then the normal way to do that would be to put rules above your any any rule that block the access you do not want to allow.
Wan net would never actually be the internet, even if have a public IP on it, its just the transit network you use to get to the rest of the internet nothing more.. There is going to be some specific mask on it that assigns the size of that network.. For example I get a public IP from my isp, that is 24.13.x.x/21 so all wan net means is 24.13.x.x/21 – this is just the "transit" network of my isp that I sit on with other customers more than likely ;) The internet is any other public IP that I use my isp to access.. My traffic will flow thru this transit, but that is not the internet ;)
If I put in a rule that says allow access to wan net (24.13.x.x/21 in my case) how would that allow me access to 188.8.131.52 or say forum.pfsense.org [184.108.40.206].