When would traffic for an interface be coming from something other than the interface net source?
-
When creating a FW rule for an interface, I can understand matching by a single host/alias but the other options don't make sense to me.
When/how would traffic on LAN not be coming from LAN net? Like, why are all the other options in the drop-down even an option?
-
It also works as a destination target.
Say you want something from a DMZ to be able to reach all hosts on another interface.
It would be a host to LAN net rule. These are just aliases, used for ease of use.
-
Say you want something from a dmz to be able to reach all hosts on another interface.
But then the traffic would be coming from said interface, no?
-
@imthenachoman obviously, yes
-
@netblues So if you want something from a DMZ interface to be able to reach another interface, the interface would be DMZ, the implied source would be DMZ net, and the destination would be whatever you want. Why would you need to set a source?
I guess I am trying to find a situation/use-case where you would NOT set source to any.
-
@imthenachoman What if you need a single host from the DMZ and not the whole net?
And in a more general case:
What if you wanted a specific host on the Internets that you trust to have access to a resource behind pf? Nowadays, with NAT and VPN this isn't very common, but there are use cases.
-
@netblues I see. That makes sense. Thank you!
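To make the distinction from netblues's reply concrete (single DMZ host vs. DMZ net vs. any as the source, and a trusted Internet host as a WAN source), here is a small added rule evaluator in the style of pfSense's first-match, default-deny interface rules. It is example code written for this thread, not pfSense's own logic; the interface subnets, host addresses and rule set are constructed and assumed.

```python
import ipaddress

# Constructed interface subnets (assumption, not from the thread).
IFACE_NETS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("10.10.10.0/24"),
}

def resolve(spec):
    """Expand a source/destination spec into networks.
    'any' is everything, '<IFACE> net' is that interface's subnet,
    anything else is a single host or CIDR."""
    if spec == "any":
        return [ipaddress.ip_network("0.0.0.0/0")]
    if spec.endswith(" net"):
        return [IFACE_NETS[spec[:-4]]]
    return [ipaddress.ip_network(spec, strict=False)]

def matches(rule, iface, src, dst):
    """Rules are evaluated on the interface the packet ENTERS on."""
    if rule["iface"] != iface:
        return False
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return (any(s in n for n in resolve(rule["src"]))
            and any(d in n for n in resolve(rule["dst"])))

def decide(rules, iface, src, dst):
    """First matching rule wins; no match means the default deny."""
    for rule in rules:
        if matches(rule, iface, src, dst):
            return rule["action"]
    return "block"

# Constructed rule set illustrating the three source choices from the thread.
RULES = [
    # One DMZ host may reach the whole LAN (single host -> LAN net).
    {"iface": "DMZ", "action": "pass", "src": "10.10.10.5", "dst": "LAN net"},
    # The rest of the DMZ subnet is kept away from the LAN (DMZ net source).
    {"iface": "DMZ", "action": "block", "src": "DMZ net", "dst": "LAN net"},
    # Whatever enters DMZ may go anywhere else; 'any' here also admits
    # sources outside DMZ net, which is why 'DMZ net' is the tighter choice.
    {"iface": "DMZ", "action": "pass", "src": "any", "dst": "any"},
    # A specific trusted Internet host may reach one internal resource.
    {"iface": "WAN", "action": "pass", "src": "203.0.113.10", "dst": "192.168.1.50"},
]
```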