How do I allow traffic from the firewall itself out to the Internet?

  • I had it before but I lost my ruleset. The main network hosts servers mostly, only rules from the outside in are needed.

    This is my ruleset,
[screenshot of the ruleset: Screen Shot 2019-01-24 at 10.35.49.png]

The minute I replace the old source:any rule with the source-scoped rule all sorts of stuff happens, I'm not sure what, but the whole network gets incredibly slow, as if resolving DNS or something. DNS server is alone on a DMZ, BTW; it has the opposite set of rules than the main network, only out to the Internet.

I'm using several services on the firewall, I guess those are being blocked without an explicit rule allowing the firewall to connect. I don't know whether to use its IP address as source or the loopback address block, and since the network isn't completely I wouldn't know how to be 100% sure whether any rule I create is working, whether I forgot to kill states or it didn't take, or something else! Should I just create a REJECT rule and invert the source instead??

    Even traffic from the firewall GUI accessing from other VLANs gets, umm... "droppy" when I switch one rule for another. Thanks!
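As an added illustration (not from the thread and not a pfSense export, which builds its ruleset from the GUI), the same idea in native pf.conf syntax, since pfSense runs pf underneath. Interface names, the LAN prefix and the DMZ resolver address are constructed assumptions. The point it shows: a source-scoped "in" rule on the LAN only governs packets arriving on that interface, so traffic the firewall itself originates is handled by a separate "out" rule on the egress interface, and the firewall's own services talking to each other go over the loopback, which is simply skipped.

```pf
# Added example in pf.conf syntax; all names and addresses are assumptions.
lan_if = "em1"
wan_if = "em0"
lan_net = "192.0.2.0/24"          # constructed LAN prefix
dns_server = "198.51.100.53"      # constructed DMZ resolver address

# Services on the firewall talk to themselves over lo0; no rule is needed
# for the loopback block, just exempt the interface from filtering.
set skip on lo0

# Default deny, logged: the log shows which rule is missing instead of
# leaving you to infer it from a sluggish network.
block log all label "default_deny"

# Source-scoped rule for LAN hosts: only the LAN prefix may open
# connections arriving on this interface. A DNS-only rule to the DMZ
# resolver is listed first so its hit counter can be read separately.
pass in quick on $lan_if inet proto { tcp udp } from $lan_net \
    to $dns_server port 53 keep state label "lan_dns"
pass in quick on $lan_if inet proto { tcp udp } from $lan_net to any \
    keep state label "lan_to_any"

# Packets the firewall originates never arrive on $lan_if, so the rules
# above neither allow nor block them. They leave on $wan_if; the
# parentheses make pf track the interface's current address, so the rule
# keeps matching if the WAN address changes.
pass out quick on $wan_if inet from ($wan_if) to any keep state \
    label "fw_self_out"
```

To confirm a rule is actually doing the work rather than guessing: `pfctl -nf /etc/pf.conf` parses the file without loading it; `pfctl -vsr` prints each rule with its Evaluations and Packets counters, so a rule whose counter stays at zero after you generate matching traffic is not the one being hit; `pfctl -ss` lists the current states, and `pfctl -F states` flushes them after a rule change so that existing connections cannot keep riding on the old rule (that is the "kill states" step mentioned above). On pfSense the ruleset it generates from the GUI can be read in /tmp/rules.debug, and that generated set already contains a pass-out rule for traffic from the firewall host itself, which is why no explicit GUI rule is normally needed for the firewall's own outbound connections.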

  • After a while the drops have mostly ceased. I guess I just needed to let it settle down. :)

It might even have turned out better than before because now the ruleset is fully aliased even for the predefined ports; changing massive quantities of rules now requires changing an alias, so, so cool. <3

Why do the emojis get transformed into some lumpy figures? 🤨 They look as if they melted in a horror movie for kids or something.

