Source/Destination Interface and IP Range
-
Hi All,
On normal hardware firewalls (Fortinet/Palo), when you create a firewall rule you specify the ingress and egress interface along with the source and destination IP ranges.
Is this not possible on pfSense?
Thanks
-
The egress interface is given by routes for the destination IP. So why would you set it in a filter rule?
If you're looking for a function to direct the traffic to a specific gateway, you can do this by a policy routing rule.
-
@viragomann said in Source/Destination Interface and IP Range:
The egress interface is given by routes for the destination IP. So why would you set it in a filter rule?
If you're looking for a function to direct the traffic to a specific gateway, you can do this by a policy routing rule.
What about if I want to allow all traffic from LAN to WAN but not allow traffic to another interface, e.g. LAN2?
On a Fortinet firewall I would only have to create one rule; on pfSense I have to create the allow rule and a deny rule to the IP address range of LAN2.
-
You can add a pass rule which allows any destination but LAN2 by checking "invert" and selecting "LAN2 net".
-
@jmarston said in Source/Destination Interface and IP Range:
@viragomann said in Source/Destination Interface and IP Range:
The egress interface is given by routes for the destination IP. So why would you set it in a filter rule?
If you're looking for a function to direct the traffic to a specific gateway, you can do this by a policy routing rule.
What about if I want to allow all traffic from LAN to WAN but not allow traffic to another interface, e.g. LAN2?
On a Fortinet firewall I would only have to create one rule; on pfSense I have to create the allow rule and a deny rule to the IP address range of LAN2.
This doesn't really work for me as I have multiple interfaces.
-
@jmarston said in Source/Destination Interface and IP Range:
This doesn't really work for me as I have multiple interfaces.
So create an alias, add all concerned networks to it and use it as destination in the rule.
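
An added example, not part of any post in this thread: a small Python check for the alias approach suggested above. It models a single pass rule with an inverted alias destination and reports interface subnets that are missing from the alias and so remain reachable through that rule. The interface names, subnets and the alias `INTERNAL_NETS` are constructed sample values.

```python
import ipaddress as ip

# Constructed sample data: interface subnets on a hypothetical pfSense box.
INTERFACES = {
    "LAN":  ip.ip_network("192.168.1.0/24"),
    "LAN2": ip.ip_network("192.168.2.0/24"),
    "DMZ":  ip.ip_network("10.10.0.0/24"),
    "MGMT": ip.ip_network("10.20.0.0/28"),
}
# Hypothetical alias used as the inverted destination; MGMT was forgotten.
INTERNAL_NETS = [ip.ip_network("192.168.2.0/24"), ip.ip_network("10.10.0.0/16")]


def in_alias(addr, alias):
    """True if the address falls inside any network listed in the alias."""
    return any(addr in net for net in alias)


def lan_rule_decision(dst, alias):
    """Model one rule on the LAN tab: pass, destination NOT <alias>.
    Traffic the rule does not match is assumed to hit the default deny."""
    return "block" if in_alias(ip.ip_address(dst), alias) else "pass"


def uncovered(interfaces, alias, ingress="LAN"):
    """Interface subnets (other than the ingress one) not fully contained
    in the alias, i.e. still reachable through the inverted pass rule."""
    return sorted(
        name for name, net in interfaces.items()
        if name != ingress and not any(net.subnet_of(a) for a in alias)
    )


if __name__ == "__main__":
    for dst in ("192.168.2.10", "10.10.0.5", "10.20.0.5", "8.8.8.8"):
        print(f"{dst:>14} -> {lan_rule_decision(dst, INTERNAL_NETS)}")
    print("not covered by alias:", uncovered(INTERFACES, INTERNAL_NETS))
```

Re-running the check after adding an interface shows whether the alias still covers every internal network.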