Need help with Stateless rule

rogercwb

Re: Pfsense in Stateless mode

Hi,

I'm trying to create some rules with no state enable (just for learning, I know that Pfsense is a statefull firewall), I'm following what @jimp said in the link above, but I'm stuck.

Could someone point out what I'm doing wrong?

Just to recall what @jimp said:

In LAN-Source any to destination LAN segment(x.x.x.x/23)

This is backwards. Traffic inbound on LAN is from your LAN segment, not to.

Out WAN-Source Public subnet (y.y.y.y/z) to destination any

That is OK

In WAN-Source any to destination Public Subnet (y.y.y.y/z)

That is OK

Out LAN- Source LAN Segment (x.x.x.x/23) to Destination Any

This is backward. Traffic exiting the LAN is going to your LAN.

I did this:

pass in  quick on mvneta1 inet proto tcp from 192.168.10.0/24 to any flags S/SA no state label "USER_RULE: LAN - TCP in"
pass out quick on mvneta1 inet proto tcp from any to 192.168.10.0/24 flags S/SA no state label "USER_RULE: LAN - TCP out"

pass in  quick on mvneta2 reply-to (mvneta2 192.168.100.1) inet proto tcp from any to 192.168.100.0/24 flags S/SA no state label "USER_RULE: WAN - TCP in"
pass out quick on mvneta2 reply-to (mvneta2 192.168.100.1) inet proto tcp from 192.168.100.0/24 to any flags S/SA no state label "USER_RULE: WAN - TCP out"

But nothing pass on LAN Out.

mvneta1 = LAN
mvneta2 = WAN

I not connected directly to the link, my provider don't allow bridge connection.