4. Asterisk vs explicit net in source field

Asterisk vs explicit net in source field

  • J

    I'm trying to understand the significance and difference of having an asterisk vs the specific network in the source field for a firewall rule under a specific interface.

    To be more clear, in the screenshot, I'm currently in the VLAN10 tab set of rules. One rule explicitly has VLAN10 as a source and another as an asterisk. But since I'm under the VLAN10 tab and because rules are relative to the interface (incoming) does "*" mean the same as "VLAN10"? When would you use either?
    ![Screen Shot 2018-02-02 at 7.02.32 PM.png](/public/imported_attachments/1/Screen Shot 2018-02-02 at 7.02.32 PM.png)
    ![Screen Shot 2018-02-02 at 7.02.32 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2018-02-02 at 7.02.32 PM.png_thumb)

    0
  • Netgate

    LAN net is the subnet of the LAN interface. So if you have LAN numbered as 192.168.1.1/24, LAN net is 192.168.1.0/24

    * is any meaning any source address will match that rule.

    Most prefer to use LAN net because there is no reason to allow traffic in that should not be coming in.

    Unless there is a reason such traffic should be allowed in such as a downstream router with subnets other than 192.168.1.0/24 behind it.

    I don't see anything wrong with that any block rule there.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy