Netgate Discussion Forum

    Understanding basic firewalling rules

    Firewalling
    2 Posts 2 Posters 374 Views
      derian00

      So I think I understand the basic premise: each interface is its own "network", and the firewall is controlling what can and can't flow between networks (the networks are segmented by both subnet and VLAN, so the router is the only point where all the networks openly converge). Default is nothing can go between networks, and you create rules to slowly allow/reject specifics as needs arise. I have this correct?

      The issue I was having, and someone tried to explain it to me on a Reddit Discord chat, but I was not comprehending very well, was how to actually route between the networks.

      For example, I want a rule that OPT1 network (privUsers is its name) can access the internet, and OPT2 network (untrustUsers) can access the internet, but at no time should anything on privUsers be accessible from untrustUsers, or vice versa. The user, in particular, was suggesting I do this weird thing with RFC denying on each network, and it was getting really confusing and seemed way over complicated for just giving a network private internet access without giving it access to the rest of the networks.

      Another example, I want a rule that privUsers network can access a specific server on OPT3 (serverNet) but nothing else on that network.

      I have many more examples of different inter-network routes I am trying to configure, but I think really my issue is a lacking understanding of how to actually develop the rules in the first place. I think if someone could help me comprehend how firewalls work and how the rules work, I want to hopefully actually understand this instead of just being told how to do it without any real explanation. If anyone could help me understand this, it would be greatly appreciated :)

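      As an added illustration (not written by either poster), here is how the two requirements in this post look as a pf ruleset, the packet filter that pfSense builds its per-interface GUI rules on. Interface names, subnets, the firewall's own addresses, the single permitted server and its port are all assumptions; the "RFC denying" mentioned above is the `block ... to <rfc1918>` line, which is what turns "allow everything" into "allow only the Internet".

```pf
# Added example, not from the thread. Interface names, subnets and hosts are assumed.
priv_if     = "vlan10"          # OPT1, privUsers
untrust_if  = "vlan20"          # OPT2, untrustUsers
priv_net    = "10.10.0.0/24"    # assumed subnet of privUsers
untrust_net = "10.20.0.0/24"    # assumed subnet of untrustUsers
priv_gw     = "10.10.0.1"       # firewall's own address on privUsers
untrust_gw  = "10.20.0.1"       # firewall's own address on untrustUsers
app_server  = "10.30.0.10"      # the one host on serverNet (OPT3) privUsers may reach

# Private address space. "Not in this table" is how a rule says "the Internet".
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Default policy: nothing passes unless a rule below says so. Logged, so blocked
# traffic shows up in the firewall log when a rule set is being debugged.
block log all

# --- privUsers (OPT1). Rules are checked top to bottom; the first "quick" match wins. ---
# Let clients resolve names via the firewall's own DNS resolver.
pass in quick on $priv_if proto { tcp, udp } from $priv_net to $priv_gw port 53
# The one permitted host on serverNet, and only the service it offers (assumed HTTPS).
pass in quick on $priv_if proto tcp from $priv_net to $app_server port 443
# Everything else that is private (untrustUsers, the rest of serverNet, ...) is dropped.
block in log quick on $priv_if from $priv_net to <rfc1918>
# Whatever is left is the Internet. pf passes are stateful, so replies come back on their own.
pass in quick on $priv_if from $priv_net to any

# --- untrustUsers (OPT2): Internet only, nothing private at all. ---
pass in quick on $untrust_if proto { tcp, udp } from $untrust_net to $untrust_gw port 53
block in log quick on $untrust_if from $untrust_net to <rfc1918>
pass in quick on $untrust_if from $untrust_net to any
```

      Two things worth checking in any rule set of this shape: order matters, because the block-to-private rule must sit below the few specific private allows and above the catch-all pass, and the block rule also covers the firewall's own interface addresses, so any service clients need from the firewall itself (DNS here; NTP or a captive portal would be the same) needs its own pass rule above it. The `log` keywords are there so the blocked traffic can be seen in the firewall log rather than guessed at.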
        Gertjan

        Hi,

        The principles of a firewall are always the same, whether using pfSense or some other system, OS, etc.

        In the past, and I'm not talking centuries here, the very basic concept of a firewall would take a year or so for a student to learn. And this wasn't in high school or something like that.
        These days, we are obliterated by the sheer number of books, Internet discussions, and videos about the subject.

        I advise you to start with reading general wiki pages, and have a look at this: https://www.youtube.com/channel/UC3Cq2kjCWM8odzoIzftS04A/videos - there is a video called Firewall and NAT Fundamentals on pfSense that you should see.

        When you test for yourself, always start as simple as possible. Always check your work.

        You can see pfSense as a car. The car builder won't teach you how to drive ^^

        Btw: Your first paragraph: you are correct.

        No "help me" PMs please. Use the forum, the community will thank you.
        Edit: and where are the logs??

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.