Public CARP and private WAN IP addresses, how to build firewall rules for internet access
In my environment I have two pfSense boxes,
My question is, how can I configure the firewall rules to give a network access to the internet and block access to other interfaces/networks? Like a DMZ.
With a rule set to any - any and pass I can reach the internet, but with a rule with any - WAN net and pass I can't access the internet.
Thanks for advice!
I figured out that this is working for my purposes:
But do I always need a block rule for all other interfaces? Is there nothing similar to an implicit deny rule? (like I see on a FortiGate)