Netgate Discussion Forum

When should I block inbound?

    wgstarks
    last edited by Dec 23, 2017, 6:47 PM

    I’ve just recently installed pfSense and pfBlockerNG and this is all a little outside my expertise.

    Most of the guides I’ve read have recommended using “deny both”, but with the default blocking of all inbound traffic I can see that “deny outbound” would probably make more sense.

    When and why would I ever need to deny inbound traffic? I’m sure there is a reason why this option was included.

    Box: SG-4200

      BBcan177 Moderator
      last edited by Dec 27, 2017, 1:27 AM

      You only need to add rules to the Inbound, if you have any open WAN ports that you would like to filter on.

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        cyberzeus
        last edited by Jan 3, 2018, 11:00 PM

        You only need to add rules to the Inbound, if you have any open WAN ports that you would like to filter on.

        To add to this, I think most guides say to use Deny Both because while you may start out with the default case of all unsolicited inbound WAN traffic being blocked, as soon as a single port is open for service, the game is afoot.  So, if you start out with Deny Both, then at least you're covered if something changes on the WAN and you forget to change your pfB protection.

        Personally, I use Floating for my pfB lists and have them attached to both WAN\LAN…

          BBcan177 Moderator
          last edited by Jan 5, 2018, 3:04 PM

          @cyberzeus:

          You only need to add rules to the Inbound, if you have any open WAN ports that you would like to filter on.

          To add to this, I think most guides say to use Deny Both because while you may start out with the default case of all unsolicited inbound WAN traffic being blocked, as soon as a single port is open for service, the game is afoot.  So, if you start out with Deny Both, then at least you're covered if something changes on the WAN and you forget to change your pfB protection.

          Personally, I use Floating for my pfB lists and have them attached to both WAN\LAN…

          Keep in mind that adding rules to the WAN when there are no open ports is wasting processing power of the box and slowing down queries, as each inbound packet will go thru each table unnecessarily. You're also going to fill the widget and logs with noise and miss out on the real events that were being blocked which should be investigated…

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/
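
The rule of thumb from this thread (inbound deny rules only matter once the WAN has an open port), as an added example that is not part of the original posts: a Python check over an exported pfSense config.xml that lists enabled WAN pass rules and picks the list action accordingly. The sample config, the function names and the choice to ignore floating-rule direction are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a pfSense config.xml export (not from the thread).
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule><type>block</type><interface>wan</interface><descr>bogons</descr></rule>
    <rule><type>pass</type><interface>lan</interface><descr>Default allow LAN</descr></rule>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>443</port></destination>
      <descr>HTTPS to reverse proxy</descr></rule>
    <rule><type>pass</type><interface>wan</interface><disabled/>
      <destination><any/><port>22</port></destination><descr>old ssh</descr></rule>
  </filter>
</pfsense>"""

def open_wan_ports(config_xml, wan_if="wan"):
    """Return (port, description) for every enabled pass rule on the WAN interface."""
    root = ET.fromstring(config_xml)
    found = []
    for rule in root.findall("./filter/rule"):
        if rule.findtext("type") != "pass":
            continue  # block/reject rules do not open anything
        if rule.find("disabled") is not None:
            continue  # disabled rules are not loaded into the ruleset
        # Floating rules can list several interfaces, comma separated.
        # Assumption: rule direction is not inspected here.
        ifaces = (rule.findtext("interface") or "").split(",")
        if wan_if not in ifaces:
            continue
        port = rule.findtext("destination/port") or "any"
        found.append((port, rule.findtext("descr") or ""))
    return found

def suggested_action(config_xml):
    """Apply the thread's rule of thumb: filter inbound only if something is open."""
    return "Deny Both" if open_wan_ports(config_xml) else "Deny Outbound"

if __name__ == "__main__":
    for port, descr in open_wan_ports(SAMPLE_CONFIG):
        print(f"WAN pass rule: port {port} ({descr})")
    print("Suggested pfBlockerNG list action:", suggested_action(SAMPLE_CONFIG))
```

Re-running a check like this after any WAN rule or port-forward change covers the case raised above, where a port is opened later and the pfBlockerNG action is never revisited.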

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.