Does default deny policy rely on user defined rules?
-
In the docs it states:
"In a default two-interface LAN and WAN configuration, pfSense software utilizes default deny on the WAN and default allow on the LAN."
It's not clear to me whether the above behavior is a result of built-in rules we cannot see in the GUI, or whether it is due to the default rules installed on the LAN & WAN interfaces and new interfaces need to be appropriately configured with default rules.
For example, if I create a new interface for a local VLAN, is it default deny, or do I have to add a deny-all rule at the end? I'm partly confused because I see many configs posted with a 'catch-all' rule at the end to block all traffic, which I assume is redundant. My testing tells me that new interfaces are default deny without any additional rules, but I would like to confirm this critical feature.
-
@mikyniky No rules means nothing is allowed. On WAN there are no rules, so nothing is allowed. On the first LAN... see for yourself.
-
@bob-dig Thank you, that makes sense; that's what I assumed.
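To illustrate the behavior described in the answer above, here is an added example (not code from pfSense or from anyone in this thread) that models how pfSense evaluates the rules on one interface: top-down, first match wins, and a packet that matches no rule falls through to the hidden default deny. The ruleset, interface names and addresses are constructed assumptions; it shows that an empty WAN or new VLAN interface blocks everything and that an explicit catch-all block rule only changes which rule label the block is attributed to, not the outcome.

```python
from ipaddress import ip_address, ip_network

# Hidden rule every pfSense interface falls through to when nothing else matches.
DEFAULT_DENY = ("block", "Default deny rule")

def evaluate(rules, interface, src, dst, proto):
    """First-match ('quick') evaluation of the inbound rules on one interface.
    Returns (action, description); no match means the hidden default deny."""
    for rule in rules.get(interface, []):
        if rule["proto"] not in ("any", proto):
            continue
        if ip_address(src) not in ip_network(rule["src"]):
            continue
        if ip_address(dst) not in ip_network(rule["dst"]):
            continue
        return rule["action"], rule["descr"]   # first match wins
    return DEFAULT_DENY

def rule(action, src, dst, descr, proto="any"):
    return {"action": action, "proto": proto, "src": src, "dst": dst, "descr": descr}

# Constructed ruleset (an assumption, not a real config): fresh two-interface install
# where WAN has no user rules, LAN has the stock allow rule, and a new VLAN is empty.
FRESH_INSTALL = {
    "wan": [],
    "lan": [rule("pass", "192.168.1.0/24", "0.0.0.0/0", "Default allow LAN to any rule")],
    "vlan10": [],
}

# Same ruleset with the commonly posted explicit catch-all block on the VLAN interface.
WITH_CATCHALL = dict(FRESH_INSTALL, vlan10=[
    rule("block", "0.0.0.0/0", "0.0.0.0/0", "Explicit catch-all block"),
])

def compare_catchall(src="10.0.10.5", dst="8.8.8.8"):
    """Show that the explicit catch-all changes only the rule label, not the verdict."""
    implicit = evaluate(FRESH_INSTALL, "vlan10", src, dst, "tcp")
    explicit = evaluate(WITH_CATCHALL, "vlan10", src, dst, "tcp")
    return implicit[0] == explicit[0], implicit[1], explicit[1]

if __name__ == "__main__":
    print("WAN, no rules:     ", evaluate(FRESH_INSTALL, "wan", "203.0.113.9", "198.51.100.1", "tcp"))
    print("LAN, stock rule:   ", evaluate(FRESH_INSTALL, "lan", "192.168.1.20", "8.8.8.8", "udp"))
    print("VLAN, no rules:    ", evaluate(FRESH_INSTALL, "vlan10", "10.0.10.5", "8.8.8.8", "tcp"))
    print("catch-all redundant?", compare_catchall())
```

The practical difference of an explicit catch-all is logging: the firewall log attributes the block to your own rule's description instead of the hidden default deny entry.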