Firewall review

Antibiotic

you put the rule on the LAN interface, not the WAN.

My friend if you have a time and desire can you please just simple show 2 examples
First allow only ports to use by local subnets which you set in your aliases

Second allow to communicate with internet outside of pfsense with ports which you set in second aliases

Jarhead

@Antibiotic said in Firewall review:

@Jarhead said in Firewall review:

you put the rule on the LAN interface, not the WAN.

My friend if you have a time and desire can you please just simple show 2 examples
First allow only ports to use by local subnets which you set in your aliases

Second allow to communicate with internet outside of pfsense with ports which you set in second aliases

I don't understand what you mean by either of those.
Give an exact example of what you want.

Antibiotic

@Jarhead Yes , if possible and this action do not hurt you

Jarhead

@Antibiotic No, I'm asking you to give an exact example of what you want to do.

tedquade

@Gertjan Actually "If you please"

Ted

Antibiotic

@Jarhead
Dude i think going communication between forest and sea. If you can read , I post what i want to do! If you do not want, than no problem

Jarhead

@Antibiotic Ok. Good luck.

Antibiotic

@tedquade

@tedquade said in Firewall review:

Actually "If you please"

@Jarhead said in Firewall review:

you put the rule on the LAN interface, not the WAN.

My friend if you have a time and desire can you please just simple show 2 examples
First allow only ports to use by local subnets which you set in your aliases

Second allow to communicate with internet outside of pfsense with ports which you set in second aliases

JonathanLee

@Antibiotic I never needed loopback rules for my system.

JonathanLee

Wan you only need to set what you want coming in. Anything originating from LAN that is approved will get out. So a VPN port if needed would be an example of a WAN rule. But I have only 1 wan rule everything else is block, my LAN has the rules

Antibiotic

@Gertjan said in Firewall review:

(I presume you already removed the "LAN subnets" from Source)

Source LAN subnet going to WAN gateway, by NetGate docs rule. Why need to remove source?
I'm understood that rule correct apply to interface belong, but totally can be LAN subnet only direct to WAN gateway or VPN gateway only?

Gertjan

@Antibiotic

This is an image from what ? LAN ? WAN ?

Antibiotic

@Gertjan

This is LAN, first rule anti-lokout on LAN))) It mean possible to make rule where is LAN rule going to WAN gateway

Gertjan

@Antibiotic

IMHO, rules look fine to me.

Antibiotic

@Gertjan Yea, I know that look fine because its from NetGate docs! Want to warry that as mentioned above you told that rule source LAN can not be for WAN)))