Understanding basic firewalling rules



  • So I think I understand the basic premise: each interface is its own "network", and the firewall is controlling what can and can't flow between networks (the networks are segmented by both subnet and VLAN, so the router is the only point where all the networks openly converge). The default is that nothing can go between networks, and you create rules to slowly allow/reject specifics as needs arise. Do I have this correct?

    The issue I was having (someone tried to explain it to me on a Reddit Discord chat, but I was not comprehending very well) was how to actually route between the networks.

    For example, I want a rule that the OPT1 network (privUsers is its name) can access the internet, and the OPT2 network (untrustUsers) can access the internet, but at no time should anything on privUsers be accessible from untrustUsers, or vice versa. The user, in particular, was suggesting I do this weird thing with RFC denying on each network, and it was getting really confusing and seemed way over complicated for just giving a network private internet access without giving it access to the rest of the networks.

    Another example: I want a rule that the privUsers network can access a specific server on OPT3 (serverNet) but nothing else on that network.

    I have many more examples of different inter-network routes I am trying to configure, but I think really my issue is a lacking understanding of how to actually develop the rules in the first place. I think if someone could help me comprehend how firewalls work and how the rules work, I would hopefully actually understand this instead of just being told how to do it without any real explanation. If anyone could help me understand this, it would be greatly appreciated :)
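    The two scenarios in the question (each user network gets internet but not each other, and privUsers reaches exactly one host on serverNet) follow from three pfSense rule behaviours: rules are attached to the interface where the traffic enters, the first matching rule wins, and anything that matches no rule is dropped. A new OPT interface has no rules at all, so it passes nothing until you add some. The "RFC denying" mentioned above is the usual way to express "internet only": block the RFC 1918 private ranges first, then allow everything else. The following is an added illustration, not code from the original post or from pfSense; it is a small first-match evaluator with constructed subnets (10.10.0.0/24 for privUsers, 10.20.0.0/24 for untrustUsers, 10.30.0.0/24 for serverNet, and 10.30.0.10:443 as the one permitted server), so that you can see which rule decides each flow.

```python
# Added example: a minimal model of per-interface, first-match firewall rules
# with default deny, in the style pfSense applies them. Subnets, interface
# names and the server address below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    action: str                                   # "pass" or "block"
    dst: Union[str, ipaddress.IPv4Network]        # network, "any" or "rfc1918"
    dport: Optional[int] = None                   # None means any port
    note: str = ""                                # what the rule is for


def rule_matches(rule: Rule, dst_ip: ipaddress.IPv4Address, dport: int) -> bool:
    """A rule matches when both the destination address and port conditions hold."""
    if rule.dport is not None and rule.dport != dport:
        return False
    if rule.dst == "any":
        return True
    if rule.dst == "rfc1918":
        return any(dst_ip in net for net in RFC1918)
    return dst_ip in rule.dst


def evaluate(rules, dst_ip: ipaddress.IPv4Address, dport: int):
    """First match wins; no match at all means the default deny applies."""
    for rule in rules:
        if rule_matches(rule, dst_ip, dport):
            return rule.action, rule.note
    return "block", "default deny (no rule matched)"


# Rules live on the interface the traffic ENTERS, i.e. the source network's
# interface. Replies are handled by state tracking, so only this direction
# needs a rule. Order matters: the specific allow must precede the broad block.
RULES = {
    "OPT1 (privUsers)": [
        Rule("pass", ipaddress.ip_network("10.30.0.10/32"), 443,
             "privUsers -> one server on serverNet, HTTPS only"),
        Rule("block", "rfc1918", None,
             "privUsers -> every other private network"),
        Rule("pass", "any", None,
             "privUsers -> everything else, i.e. the internet"),
    ],
    "OPT2 (untrustUsers)": [
        Rule("block", "rfc1918", None,
             "untrustUsers -> any private network"),
        Rule("pass", "any", None,
             "untrustUsers -> the internet"),
    ],
    # OPT3 (serverNet) intentionally has no rules: nothing initiated there passes.
}


def check(iface: str, dst: str, dport: int) -> str:
    """Return 'pass' or 'block' for a flow entering pfSense on `iface`."""
    action, _ = evaluate(RULES.get(iface, []), ipaddress.ip_address(dst), dport)
    return action


def explain(iface: str, dst: str, dport: int) -> str:
    action, note = evaluate(RULES.get(iface, []), ipaddress.ip_address(dst), dport)
    return f"{iface} -> {dst}:{dport}: {action} ({note})"


if __name__ == "__main__":
    for iface, dst, port in [
        ("OPT1 (privUsers)", "8.8.8.8", 443),        # internet
        ("OPT1 (privUsers)", "10.30.0.10", 443),     # the one allowed server
        ("OPT1 (privUsers)", "10.30.0.10", 22),      # same server, other port
        ("OPT1 (privUsers)", "10.20.0.5", 80),       # untrustUsers host
        ("OPT2 (untrustUsers)", "10.10.0.5", 80),    # privUsers host
        ("OPT2 (untrustUsers)", "93.184.216.34", 443),
        ("OPT3 (serverNet)", "8.8.8.8", 443),        # no rules at all
    ]:
        print(explain(iface, dst, port))
```

Two things the model makes visible: the explicit "one server" pass has to sit above the RFC 1918 block, because if the order were reversed the block would match first and the server would be unreachable; and untrustUsers never needs a rule mentioning privUsers specifically, since the private-range block already covers it and the default deny covers any interface you forget.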



  • Hi,

    The principles of a firewall are always the same, whether using pfSense or some other system, OS, etc.

    In the past, and I'm not talking centuries here, the very basic concept of a firewall would take a year or so for a student to learn. And this wasn't in high school or something like that.
    These days, we are obliterated by the sheer number of books, Internet discussions, and videos about the subject.

    I advise you to start with reading general wiki pages, and have a look at this: https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos - there is a video called Firewall and NAT Fundamentals on pfSense that you should see.

    When you test for yourself, always start as simple as possible. Always check your work.

    You can see pfSense as a car. The car builder won't teach you how to drive ^^

    Btw: your first paragraph: you are correct.

