Netgate Discussion Forum

Source/Destination Interface and IP Range

    jmarston
    last edited by jmarston Oct 16, 2020, 11:17 PM Oct 16, 2020, 10:17 PM

    Hi All,

    On normal hardware firewalls (FortiNet/Palo) when you create a Firewall rule you specify the ingress and egress interface along with the source and destination IP ranges.

    Is this not possible on pfSense?

    Thanks

      viragomann
      last edited by Oct 17, 2020, 4:54 PM

      The egress interface is given by routes for the destination IP. So why would you set it in a filter rule?

      If you're looking for a function to direct the traffic to a specific gateway, you can do this by a policy routing rule.

        jmarston @viragomann
        last edited by Oct 17, 2020, 5:51 PM

        @viragomann said in Source/Destination Interface and IP Range:

        The egress interface is given by routes for the destination IP. So why would you set it in a filter rule?

        If you're looking for a function to direct the traffic to a specific gateway, you can do this by a policy routing rule.

        What about if I want to allow all traffic from LAN to WAN but not allow traffic to another interface, e.g. LAN2?

        On a FortiNet firewall I would only have to create one rule; on pfSense I have to create the allow rule and a deny rule to the IP address range of LAN2.

          viragomann
          last edited by Oct 17, 2020, 6:04 PM

          You can add a pass rule which allows any destination but LAN2 by checking "invert" and selecting "LAN2 net".

            jmarston
            last edited by Oct 17, 2020, 6:22 PM

            @jmarston said in Source/Destination Interface and IP Range:

            @viragomann said in Source/Destination Interface and IP Range:

            The egress interface is given by routes for the destination IP. So why would you set it in a filter rule?

            If you're looking for a function to direct the traffic to a specific gateway, you can do this by a policy routing rule.

            What about if I want to allow all traffic from LAN to WAN but not allow traffic to another interface, e.g. LAN2?

            On a FortiNet firewall I would only have to create one rule; on pfSense I have to create the allow rule and a deny rule to the IP address range of LAN2.

            This doesn't really work for me as I have multiple interfaces.

              viragomann @jmarston
              last edited by Oct 17, 2020, 6:27 PM

              @jmarston said in Source/Destination Interface and IP Range:

              This doesn't really work for me as I have multiple interfaces.

              So create an alias, add all concerned networks to it and use it as destination in the rule.

              1 Reply Last reply Reply Quote 0
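
Why the alias matters once there are several internal interfaces, as an added example that is not part of the original thread: a small Python model of top-down, first-match rule evaluation on one interface tab, ending in the default deny. The subnets and the alias name `INTERNAL_NETS` are constructed assumptions; the model compares one inverted rule using the alias with one inverted pass rule per network.

```python
# Added illustration: a minimal first-match model of the rules on one pfSense
# interface tab. Names and subnets are constructed, not taken from the thread.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumption).
LAN_NET = [ip_network("192.168.1.0/24")]
LAN2_NET = [ip_network("192.168.2.0/24")]
LAN3_NET = [ip_network("192.168.3.0/24")]
INTERNAL_NETS = LAN2_NET + LAN3_NET  # hypothetical alias: every other local net

@dataclass
class Rule:
    action: str               # "pass" or "block"
    src: list                 # source networks
    dst: list                 # destination networks (an alias is a list)
    invert_dst: bool = False  # the "invert match" checkbox on the destination

    def matches(self, src, dst):
        in_src = any(src in n for n in self.src)
        in_dst = any(dst in n for n in self.dst)
        return in_src and (in_dst != self.invert_dst)

def evaluate(rules, src, dst):
    """Top-down, first match wins; unmatched traffic hits the default deny."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return "block"

# One pass rule: source LAN net, destination NOT INTERNAL_NETS.
alias_ruleset = [Rule("pass", LAN_NET, INTERNAL_NETS, invert_dst=True)]

# Mistake: one inverted pass rule per network. A LAN2 destination is
# "not LAN3", so the second rule passes it (and vice versa).
stacked_ruleset = [
    Rule("pass", LAN_NET, LAN2_NET, invert_dst=True),
    Rule("pass", LAN_NET, LAN3_NET, invert_dst=True),
]

if __name__ == "__main__":
    for name, rules in (("alias", alias_ruleset), ("stacked", stacked_ruleset)):
        for dst in ("203.0.113.10", "192.168.2.5", "192.168.3.5"):
            print(name, dst, evaluate(rules, "192.168.1.20", dst))
```

With the alias, Internet-bound traffic passes and traffic to either internal network falls through to the default deny; the stacked rules pass all three destinations.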