<![CDATA[Source/Destination Interface and IP Range]]>Hi All,

On normal hardware firewalls (FortiNet/Palo) when you create a Firewall rule you specify the ingress and egress interface along with the source and destination IP ranges.

Is this not possible on pfSense?

Thanks

]]>https://forum.netgate.com/topic/157659/source-destination-interface-and-ip-rangeRSS for NodeTue, 19 May 2026 23:00:00 GMTFri, 16 Oct 2020 22:17:42 GMT60<![CDATA[Reply to Source/Destination Interface and IP Range on Sat, 17 Oct 2020 18:27:51 GMT]]>@jmarston said in Source/Destination Interface and IP Range:

This doesn't really work for me as I have multiple interfaces.

So create an alias, add all concerned networks to it and use it as destination in the rule.

]]>https://forum.netgate.com/post/940759https://forum.netgate.com/post/940759Sat, 17 Oct 2020 18:27:51 GMT<![CDATA[Reply to Source/Destination Interface and IP Range on Sat, 17 Oct 2020 18:22:07 GMT]]>@jmarston said in Source/Destination Interface and IP Range:

@viragomann said in Source/Destination Interface and IP Range:

The egress interface is given by routes for the destination IP. So why will you set it in a filter rule?

If you're looking for a function to direct the traffic to a specific gateway, you can do this by a policy routing rule.

What about if I want to allow all traffic from LAN to WAN but not allow traffic to another interface e.g LAN2.

On a FortiNet firewall I would only have to create one rule, on pfSense I have to create the allow rule and a deny rule to the IP address range of LAN2.

This doesn't really work for me as I have multiple interfaces.

]]>https://forum.netgate.com/post/940758https://forum.netgate.com/post/940758Sat, 17 Oct 2020 18:22:07 GMT<![CDATA[Reply to Source/Destination Interface and IP Range on Sat, 17 Oct 2020 18:04:15 GMT]]>You can add a pass rule which allows any destination but LAN2 by checking "invert" and selecting "LAN2 net".

]]>https://forum.netgate.com/post/940757https://forum.netgate.com/post/940757Sat, 17 Oct 2020 18:04:15 GMT<![CDATA[Reply to Source/Destination Interface and IP Range on Sat, 17 Oct 2020 17:51:33 GMT]]>@viragomann said in Source/Destination Interface and IP Range:

The egress interface is given by routes for the destination IP. So why will you set it in a filter rule?

If you're looking for a function to direct the traffic to a specific gateway, you can do this by a policy routing rule.

What about if I want to allow all traffic from LAN to WAN but not allow traffic to another interface e.g LAN2.

On a FortiNet firewall I would only have to create one rule, on pfSense I have to create the allow rule and a deny rule to the IP address range of LAN2.

]]>https://forum.netgate.com/post/940756https://forum.netgate.com/post/940756Sat, 17 Oct 2020 17:51:33 GMT<![CDATA[Reply to Source/Destination Interface and IP Range on Sat, 17 Oct 2020 16:54:14 GMT]]>The egress interface is given by routes for the destination IP. So why will you set it in a filter rule?

If you're looking for a function to direct the traffic to a specific gateway, you can do this by a policy routing rule.

]]>https://forum.netgate.com/post/940751https://forum.netgate.com/post/940751Sat, 17 Oct 2020 16:54:14 GMT