WireGuard, Two Firewall Entries
-
Hi,
Likely a dumb question, but just not fitting with my brain (yet)
. In my Firewall Rules, I see two WireGuard entries ... seems like one is interface, the other the "application" (for lack of a better term). Should there be? And what is the difference / which one is needed?Thanks!
-
@arrmo It's explained in the doco.
https://docs.netgate.com/pfsense/en/latest/vpn/wireguard/rules.htmlThe Group rules are processed first, then the interface rules. Just like floating rules and interface rules on the firewall.
So I think for inbound traffic the order will be Floating -> Wireguard -> wgx but outbound is a little more complicated.
-
@griffo That makes sense, thanks! So if I pass at the Group level, no need for a rule "below" that (i.e. interface).
Appreciate it!
-
@griffo said in WireGuard, Two Firewall Entries:
The Group rules are processed first, then the interface rules. Just like floating rules and interface rules on the firewall.
Just to clarify (make sure I have it correct
). It seems like the rules are processed Left to Right, as they show up in the webConfigurator. Correct?Thanks!
-
@arrmo The order is somewhat arbitrary, fwiw you can change the ordering to alphabetical if you want in General Setup settings.
Thttps://docs.netgate.com/pfsense/en/latest/nat/process-order.html
-
@vbman213 That link helps, appreciate it!
