Specify incoming and outgoing interface when using bridged firewalling
I just installed pfSense this morning.
I can only say I love it!!
Easy to configure, clear intuitive interface, fast (nobody notices it is sitting in between).
Yet one thing 'bothers' me a bit.
When I add a rule I can specify the incoming interface, the source and the destination.
What I am missing here is the outgoing interface.
Say I have two interfaces LAN and WAN.
LAN has 172.16.0.242/24
WAN has 172.16.0.241/24
Behind the LAN there is a 172.16.0.0/24 subnet
In front of the WAN there is a router with 172.16.0.252.
When I create a rule that allows bittorrent traffic from the WAN side to a specific host on the LAN side and I specify ! LAN Subnet as the source (which made sense to me), while in fact I wanted to not allow traffic through the firewall if it shouldn't have to go through.
Unfortunately since both interfaces are in the same subnet, if I block all traffic destined for an internal host from the LAN subnet, I disable all traffic.
What I would want then is to specify an incoming interface and an outgoing interface when firewalling.
Say I have a remote bittorrent client that connects to my router, which forwards to an internal host (on the LAN side) therefore goes through the firewall and is then allowed. When for some reason a connection which originates from the LAN subnet comes in through the WAN interface, I want to block that.
Alternatively, would it suffice to set a different IP (on an unroutable subnet) on the WAN interface?
Hope this is clear.
Thanks in advance