Netgate Discussion Forum

    Not understanding firewall rules

    • R
      rcoleman-netgate Netgate @BartH
      last edited by

      @barth said in Not understanding firewall rules:

      How hard can I push this little 4100?

      I suspect you're barely making it sweat at this point. The 4100 is one of the fastest systems we sell. If it was a 2100 I might be worried.

      Ryan
      Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
      Requesting firmware for your Netgate device? https://go.netgate.com
      Switching: Mikrotik, Netgear, Extreme
      Wireless: Aruba, Ubiquiti

      • BartHB
        BartH
        last edited by

        Well, that's good to know. I was looking at the 6100 but, on a fixed income, it was a little more than the budget would allow at this time.

        • BartHB
          BartH
          last edited by

          johnpoz
          Should we take this off list? If you like, I can create a temporary email address to post here and delete it when you reply. Up to you.

          Bart

          • johnpozJ
            johnpoz LAYER 8 Global Moderator @BartH
            last edited by johnpoz

            @barth said in Not understanding firewall rules:

            At what point would I be seeing a degradation in performance?

            What, by adding a few extra VLANs? Or a few 100 rules? That is not going to be a problem. As I mentioned, a few rules isn't something that would be in any way different in performance - now if you were talking 1000's of rules?

            And yes the best way to go over rules is to post a screenshot - like I did with my example rules for a locked down interface.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • BartHB
              BartH
              last edited by

              Alright! Y'all convinced me! I'll remove my bang rule.

              Regarding this, though, it prompts one further question about your rfc1918 alias: You show 10/8, 172.16/12 and 192.168/16. Did you really mean the IPs as you typed them, or should they actually be 10.0.0.0, 172.16.0.0/12 .... I created an alias of type network and actually entered the networks just as you had typed them. pfSense seemed to accept them this way. I then edited the alias and changed them to the full length of the IP, and pfSense seemed to like it as well. Is either way acceptable? Would it have worked if I had left the short versions?

              • johnpozJ
                johnpoz LAYER 8 Global Moderator @BartH
                last edited by johnpoz

                @barth my method is just a shortcut, no reason to show zeros that everyone knows are there ;)

                Have to see if pfSense would actually use it - I was not aware it would, sorry for any confusion my laziness might have caused.

                edit:
                it doesn't seem to work - even if it takes, then if I go back into the alias it's not correct after hitting save

                alias.jpg

                Sorry if my laziness was misleading as to how they should be entered.


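An added example, not from any poster in this thread and not pfSense code: one way to expand the shorthand prefixes discussed above (10/8, 172.16/12, 192.168/16) into the full form before typing them into a network alias, and to check that each entry really sits inside RFC 1918 space. The function names `expand_prefix` and `normalize_alias` are hypothetical.

```python
import ipaddress

# The three RFC 1918 private ranges, written out in full.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def expand_prefix(text):
    """Expand shorthand such as '10/8' into an IPv4Network (10.0.0.0/8).

    Raises ValueError for a missing prefix length, a malformed address,
    or an entry whose host bits are set (e.g. 172.16.1/12).
    """
    addr, sep, plen = text.strip().partition("/")
    if not sep or not plen.isdigit():
        raise ValueError(f"{text!r}: missing or non-numeric prefix length")
    octets = addr.split(".")
    if not 1 <= len(octets) <= 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"{text!r}: not a dotted IPv4 prefix")
    # Pad the omitted trailing octets with the zeros "everyone knows are there".
    octets += ["0"] * (4 - len(octets))
    # strict=True refuses a network address that has host bits set.
    return ipaddress.ip_network(".".join(octets) + "/" + plen, strict=True)


def normalize_alias(entries):
    """Return a list of (full_form, inside_rfc1918) tuples, one per entry."""
    result = []
    for entry in entries:
        net = expand_prefix(entry)
        private = any(net.subnet_of(r) for r in RFC1918)
        result.append((str(net), private))
    return result


if __name__ == "__main__":
    # Constructed sample input: the shorthand from the thread plus one
    # look-alike that is NOT private space.
    for full, private in normalize_alias(
            ["10/8", "172.16/12", "192.168/16", "172.32/12"]):
        print(f"{full:<18} {'RFC 1918' if private else 'NOT RFC 1918'}")
```

The `172.32/12` entry is included because it looks similar to the private range but falls outside it, which is the kind of slip worth catching before an alias is used in a block or allow rule.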
                • BartHB
                  BartH
                  last edited by

                  Not a problem. I kinda thought that was the case, but wanted to make sure.

                  • BartHB
                    BartH
                    last edited by

                    Well, YAHOO! I got my system working like I want it to.

                    I want to express sincere thanks to all who had the patience to point me in the right direction.

                    johnpoz, Next time you're in my area, get in touch with me. I'll take you out for a nice Buffalo steak!

                    Bart

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.