Rather than using any how do you refer to the "internet"?
-
Say you have rules saying LAN Net can access anywhere on any port.
(I don't have that)
How/Can you on pfsense do you refer to the internet? (WAN Net? Wan IP? The firewall (self)?
Many thanks
-
What's in a name? That which we call internet
By any other name would smell as sourWan net/Wan IP/self do not do what you want.
Use any, and block networks you specifically want blocked. -
Profound, but very helpful. Thank you :)
-
Even "WAN" doesn't always mean "Internet". An "Internet" port only works in very simple cases.
-
The internet is really anything.. so yeah any is correct. If you want to limit that you could use say an alias that contains networks you don't want it to go to and then use a NOT or inverse rule (!) to say hey if your not going here - then ok..
But if you want to allow access to the internet, but not specific stuff then the normal way to do that would be to put rules above your any any rule that block the access you do not want to allow.
Wan net would never actually be the internet, even if have a public IP on it, its just the transit network you use to get to the rest of the internet nothing more.. There is going to be some specific mask on it that assigns the size of that network.. For example I get a public IP from my isp, that is 24.13.x.x/21 so all wan net means is 24.13.x.x/21 – this is just the "transit" network of my isp that I sit on with other customers more than likely ;) The internet is any other public IP that I use my isp to access.. My traffic will flow thru this transit, but that is not the internet ;)
If I put in a rule that says allow access to wan net (24.13.x.x/21 in my case) how would that allow me access to 8.8.8.8 or say forum.pfsense.org [208.123.73.18].
