Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Rather than using any how do you refer to the "internet"?

    Firewalling
    4
    5
    348
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yea last edited by

      Say you have rules saying LAN Net can access anywhere on any port.

      (I don't have that)

      How/Can you on pfsense do you refer to the internet? (WAN Net? Wan IP? The firewall (self)?

      Many thanks

      1 Reply Last reply Reply Quote 0
      • dotdash
        dotdash last edited by

        What's in a name? That which we call internet
        By any other name would smell as sour

        Wan net/Wan IP/self do not do what you want.
        Use any, and block networks you specifically want blocked.

        1 Reply Last reply Reply Quote 0
        • Y
          yea last edited by

          Profound, but very helpful. Thank you :)

          1 Reply Last reply Reply Quote 0
          • H
            Harvy66 last edited by

            Even "WAN" doesn't always mean "Internet". An "Internet" port only works in very simple cases.

            1 Reply Last reply Reply Quote 0
            • johnpoz
              johnpoz LAYER 8 Global Moderator last edited by

              The internet is really anything.. so yeah any is correct.  If you want to limit that you could use say an alias that contains networks you don't want it to go to and then use a NOT or inverse rule (!) to say hey if your not going here - then ok..

              But if you want to allow access to the internet, but not specific stuff then the normal way to do that would be to put rules above your any any rule that block the access you do not want to allow.

              Wan net would never actually be the internet, even if have a public IP on it, its just the transit network you use to get to the rest of the internet nothing more.. There is going to be some specific mask on it that assigns the size of that network.. For example I get a public IP from my isp, that is 24.13.x.x/21 so all wan net means is 24.13.x.x/21 – this is just the "transit" network of my isp that I sit on with other customers more than likely ;)  The internet is any other public IP that I use my isp to access.. My traffic will flow thru this transit, but that is not the internet ;)

              If I put in a rule that says allow access to wan net (24.13.x.x/21 in my case) how would that allow me access to 8.8.8.8 or say forum.pfsense.org [208.123.73.18].

              1 Reply Last reply Reply Quote 0
              • First post
                Last post

              Products

              • Platform Overview
              • TNSR
              • pfSense
              • Appliances

              Services

              • Training
              • Professional Services

              Support

              • Subscription Plans
              • Contact Support
              • Product Lifecycle
              • Documentation

              News

              • Media Coverage
              • Press
              • Events

              Resources

              • Blog
              • FAQ
              • Find a Partner
              • Resource Library
              • Security Information

              Company

              • About Us
              • Careers
              • Partners
              • Contact Us
              • Legal
              Our Mission

              We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

              Subscribe to our Newsletter

              Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

              © 2021 Rubicon Communications, LLC | Privacy Policy