When would traffic for an interface be coming from something other than the interface net source?
-
When creating a FW rule for an interface, I can understand matching by a single host/alias but the other options don't make sense to me.
When/how would traffic on LAN not be coming from LAN net? Like, why are all the other options in the drop-down even an option?
-
It also works as destination target.
Say you want something from a dmz to be able to reach all hosts on another interface.
It would be a host to LAN net rule. These are just aliases, used for ease of use.
-
Say you want something from a dmz to be able to reach all hosts on another interface.
But then the traffic would be coming from said interface, no?
-
@imthenachoman obviously, yes
-
@netblues So if you want something from a DMZ interface to be able to reach another interface, the interface would be DMZ, the implied source would be DMZ net, and the destination would be whatever you want. Why would you need to set a source?
I guess I am trying to find a situation/use-case where you would NOT set source to any.
-
@imthenachoman What if you need a single host from the DMZ and not the whole net?
And in a more general case:
What if you wanted a specific host on the Internets that you trust to have access to a resource behind pf? Nowadays, with NAT and VPN, this isn't very common, but there are use cases.
-
@netblues I see. That makes sense. Thank you!
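
The use cases from this thread, as an added example that is not part of any post: a simplified model of per-interface rule matching showing what changes when the source is a single host, a net alias, or any. It assumes first-match-wins on the ingress interface with a default block; all addresses and the names `NETS`, `RULES`, `LOOSE` and `evaluate` are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration; none of these values come from the thread.
NETS = {
    "LAN net": ip_network("192.168.1.0/24"),
    "DMZ net": ip_network("192.168.2.0/24"),
}
DMZ_HOST = "192.168.2.10"     # the single DMZ host that may reach LAN
TRUSTED_WAN = "203.0.113.7"   # trusted Internet host (documentation range)
SERVER = "192.168.1.20"       # resource behind the firewall


def matches(spec, addr):
    """spec is 'any', a net alias from NETS, or a single host address."""
    if spec == "any":
        return True
    if spec in NETS:
        return ip_address(addr) in NETS[spec]
    return ip_address(addr) == ip_address(spec)


# Rules keyed by the interface the packet arrives on: (action, source, destination)
RULES = {
    "DMZ": [("pass", DMZ_HOST, "LAN net")],   # single host, "LAN net" as destination
    "WAN": [("pass", TRUSTED_WAN, SERVER)],   # one trusted outside host only
    "LAN": [("pass", "LAN net", "any")],      # the usual net-alias source
}

# Same DMZ rule with the source left at "any": every DMZ host now reaches LAN.
LOOSE = {"DMZ": [("pass", "any", "LAN net")]}


def evaluate(iface, src, dst, rules=RULES):
    """First matching rule on the ingress interface wins; no match means block."""
    for action, r_src, r_dst in rules.get(iface, []):
        if matches(r_src, src) and matches(r_dst, dst):
            return action
    return "block"


if __name__ == "__main__":
    for case in [("DMZ", DMZ_HOST, SERVER), ("DMZ", "192.168.2.99", SERVER),
                 ("WAN", TRUSTED_WAN, SERVER), ("WAN", "198.51.100.9", SERVER)]:
        print(case, "->", evaluate(*case))
    print("any-source DMZ rule:", evaluate("DMZ", "192.168.2.99", SERVER, LOOSE))
```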