Inside out - egress filtering



  • Hi there, is there a package that makes it easier to control the egress traffic? pfSense is a great firewall, no mistake about it, but as the number of IOT apparatus grows, I would like to control "anything" that goes out and establishes a connection.
    By default the LAN can go everywhere, but this is, concerning the above, not a good thing. Egress filtering is an administrative burden, well to me it is 8) and as I am lazy, I like to automate everything.

    Thanks for all your thoughts and comments!

    Cheers Qinn


  • Galactic Empire

    Put your IOT equipment on its own subnet and do the following on the IOT interface:-

    1st rule allow IOT net to this firewall DHCP, NTP, etc …
    2nd rule block IOT net to LAN net
    3rd rule allow IOT net to any
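
The rule order suggested above, as an added example that is not part of the original post: a small first-match evaluator showing which of the three rules decides a given flow from the IoT subnet. The subnets, addresses and the choice of UDP 67/123 for "DHCP, NTP" are constructed assumptions; first match wins with an implicit deny at the end, as on a pfSense interface tab.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not values from the thread).
IOT_NET = ip.ip_network("192.168.30.0/24")
LAN_NET = ip.ip_network("192.168.10.0/24")
FW_IOT = ip.ip_network("192.168.30.1/32")  # firewall's address on the IoT interface
ANY = ip.ip_network("0.0.0.0/0")

# (action, source, destination, protocol or None, destination ports or None)
RULES = [
    ("pass", IOT_NET, FW_IOT, "udp", {67, 123}),  # 1st: DHCP and NTP on the firewall
    ("block", IOT_NET, LAN_NET, None, None),      # 2nd: IoT net to LAN net
    ("pass", IOT_NET, ANY, None, None),           # 3rd: IoT net to any
]

def evaluate(rules, src, dst, proto, dport):
    """Return (action, rule_number). First matching rule wins; no match is denied."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for number, (action, s_net, d_net, r_proto, r_ports) in enumerate(rules, 1):
        if src not in s_net or dst not in d_net:
            continue
        if r_proto is not None and r_proto != proto:
            continue
        if r_ports is not None and dport not in r_ports:
            continue
        return action, number
    return "block", None  # implicit default deny

def demo():
    cam = "192.168.30.50"  # constructed IoT device
    flows = [
        ("NTP to firewall", cam, "192.168.30.1", "udp", 123),
        ("SMB to LAN host", cam, "192.168.10.20", "tcp", 445),
        ("HTTPS to internet", cam, "203.0.113.10", "tcp", 443),
        ("SMTP to internet", cam, "203.0.113.10", "tcp", 25),
        ("HTTPS to firewall", cam, "192.168.30.1", "tcp", 443),
    ]
    return {name: evaluate(RULES, *flow) for name, *flow in flows}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20} -> {verdict}")
```

The last two flows are passed by the 3rd rule: any outbound port is allowed, and so is any service on the firewall's own IoT address that the 1st rule does not name.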



  • @NogBadTheBad:

    Put your IOT equipment on its own subnet and do the following on the IOT interface:-

    1st rule allow IOT net to this firewall DHCP, NTP, etc …
    2nd rule block IOT net to LAN net
    3rd rule allow IOT net to any

    Thanks for your advice, but here that was already the case, all IOT devices are in a different subnet and are rejected when trying to access any other subnet. Only a few selected subnets can reach this IOT subnet through a NAT rule.

