Need help with Stateless rule
Hi,
I'm trying to create some rules with state disabled (just for learning, I know that pfSense is a stateful firewall); I'm following what @jimp said in the link above, but I'm stuck.
Could someone point out what I'm doing wrong?
Just to recall what @jimp said:
In LAN-Source any to destination LAN segment(x.x.x.x/23)
This is backwards. Traffic inbound on LAN is from your LAN segment, not to.
Out WAN-Source Public subnet (y.y.y.y/z) to destination any
That is OK
In WAN-Source any to destination Public Subnet (y.y.y.y/z)
That is OK
Out LAN- Source LAN Segment (x.x.x.x/23) to Destination Any
This is backward. Traffic exiting the LAN is going to your LAN.
I did this:
pass in quick on mvneta1 inet proto tcp from 192.168.10.0/24 to any flags S/SA no state label "USER_RULE: LAN - TCP in"
pass out quick on mvneta1 inet proto tcp from any to 192.168.10.0/24 flags S/SA no state label "USER_RULE: LAN - TCP out"
pass in quick on mvneta2 reply-to (mvneta2 192.168.100.1) inet proto tcp from any to 192.168.100.0/24 flags S/SA no state label "USER_RULE: WAN - TCP in"
pass out quick on mvneta2 reply-to (mvneta2 192.168.100.1) inet proto tcp from 192.168.100.0/24 to any flags S/SA no state label "USER_RULE: WAN - TCP out"
But nothing passes on LAN out.
mvneta1 = LAN
mvneta2 = WAN. I'm not connected directly to the link; my provider doesn't allow a bridge connection.
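Two pf semantics decide what a ruleset like the one posted does to a TCP connection: `flags S/SA` matches only packets that have SYN set and ACK clear (the first packet of a connection), and `no state` creates no state entry, so every later packet (SYN-ACK, ACK, data) has to match a rule on its own. The toy model below is an added example, not pf or pfSense code and not part of the post; it walks a TCP handshake through three variants of the four posted rules (as posted, stateless with `flags any`, and stateful). Interface names and subnets follow the post; the client 192.168.10.50, the server 203.0.113.10, the outbound NAT to the WAN address 192.168.100.1, and the per-interface state keying are assumptions made for the illustration.

```python
"""Toy model of pf rule evaluation: stateless vs stateful TCP rules.

Added illustration, not pf/pfSense code. It reproduces two pf behaviours:
'flags S/SA' matches only SYN-without-ACK packets, and 'no state' means no
state entry is created. NAT is assumed to have already rewritten the source
on the WAN side; states are modelled as interface-bound (iface, src, dst).
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" or "out"
    iface: str            # "mvneta1" (LAN) or "mvneta2" (WAN), as in the post
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    flags: Optional[str]  # "S/SA", or None to model "flags any"
    keep_state: bool      # False models "no state"
    label: str


@dataclass(frozen=True)
class Packet:
    direction: str
    iface: str
    src: str
    dst: str
    tcp_flags: str        # letters from "SAFRPU", e.g. "S", "SA", "A"


def addr_match(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def flags_match(spec: Optional[str], tcp_flags: str) -> bool:
    """pf 'flags a/b': of the flags listed in b, exactly those in a must be set."""
    if spec is None:
        return True
    want, mask = spec.split("/")
    return all((f in tcp_flags) == (f in want) for f in mask)


def run(rules: list[Rule], packets: list[Packet]) -> list[str]:
    """Filter packets in order: state lookup first, then first matching rule."""
    states: set[tuple[str, str, str]] = set()
    verdicts: list[str] = []
    for p in packets:
        fwd, rev = (p.iface, p.src, p.dst), (p.iface, p.dst, p.src)
        if fwd in states or rev in states:
            verdicts.append("pass:state")
            continue
        for r in rules:  # 'quick' rules: first match wins
            if (r.direction == p.direction and r.iface == p.iface
                    and addr_match(r.src, p.src) and addr_match(r.dst, p.dst)
                    and flags_match(r.flags, p.tcp_flags)):
                if r.keep_state:
                    states.add(fwd)
                verdicts.append(f"pass:{r.label}")
                break
        else:
            verdicts.append("block:default")  # pfSense's implicit default deny
    return verdicts


def ruleset(flags: Optional[str], keep_state: bool) -> list[Rule]:
    """The four rules from the post, parameterised on flags and state keeping."""
    return [
        Rule("in",  "mvneta1", "192.168.10.0/24", "any", flags, keep_state, "LAN-in"),
        Rule("out", "mvneta1", "any", "192.168.10.0/24", flags, keep_state, "LAN-out"),
        Rule("in",  "mvneta2", "any", "192.168.100.0/24", flags, keep_state, "WAN-in"),
        Rule("out", "mvneta2", "192.168.100.0/24", "any", flags, keep_state, "WAN-out"),
    ]


POSTED = ruleset("S/SA", False)    # as posted: flags S/SA, no state
FLAGS_ANY = ruleset(None, False)   # stateless, but every packet can match
STATEFUL = ruleset("S/SA", True)   # the pfSense default behaviour

# Constructed sample traffic (assumed addresses): a LAN client opening a
# connection to an Internet server, seen on each interface in turn.
CLIENT, WAN_ADDR, SERVER = "192.168.10.50", "192.168.100.1", "203.0.113.10"
HANDSHAKE = [
    Packet("in",  "mvneta1", CLIENT, SERVER, "S"),
    Packet("out", "mvneta2", WAN_ADDR, SERVER, "S"),   # after assumed outbound NAT
    Packet("in",  "mvneta2", SERVER, WAN_ADDR, "SA"),
    Packet("out", "mvneta1", SERVER, CLIENT, "SA"),    # the "LAN out" leg
    Packet("in",  "mvneta1", CLIENT, SERVER, "A"),
]
# An unsolicited SYN-ACK from the Internet: shows the cost of 'flags any' without state.
UNSOLICITED = [Packet("in", "mvneta2", "198.51.100.7", WAN_ADDR, "SA")]


if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("flags any", FLAGS_ANY), ("stateful", STATEFUL)):
        print(f"{name:10} handshake:   {run(rules, HANDSHAKE)}")
        print(f"{name:10} unsolicited: {run(rules, UNSOLICITED)}")
```

With the posted variant only the two SYN legs pass; the SYN-ACK is blocked on WAN in and again on LAN out because `SA` does not satisfy `S/SA`, and nothing is there to pass it by state. Dropping the flag check (`flags any`) makes the stateless rules pass the whole exchange, but then the same rules also pass the unsolicited SYN-ACK, which the stateful variant blocks. One further caveat: `reply-to` (like `route-to`) is attached to the state entry pf creates, so on a `no state` rule there is nothing for it to act on.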