Firewall review
-
@Jarhead said in Firewall review:
you put the rule on the LAN interface, not the WAN.
My friend, if you have the time and desire, can you please just simply show 2 examples:
First, allow only the ports to be used by local subnets, which you set in your aliases.
Second, allow communication with the internet outside of pfSense with the ports which you set in the second alias.
-
@Antibiotic said in Firewall review:
@Jarhead said in Firewall review:
you put the rule on the LAN interface, not the WAN.
My friend, if you have the time and desire, can you please just simply show 2 examples:
First, allow only the ports to be used by local subnets, which you set in your aliases.
Second, allow communication with the internet outside of pfSense with the ports which you set in the second alias.
I don't understand what you mean by either of those.
Give an exact example of what you want.
-
@Jarhead Yes, if possible and this action does not hurt you
-
@Antibiotic No, I'm asking you to give an exact example of what you want to do.
-
@Gertjan Actually "If you please"
Ted
-
@Jarhead
Dude, I think this is communication between forest and sea. If you can read, I posted what I want to do! If you do not want to, then no problem
-
@Antibiotic Ok. Good luck.
-
@tedquade said in Firewall review:
Actually "If you please"
@Jarhead said in Firewall review:
you put the rule on the LAN interface, not the WAN.
My friend, if you have the time and desire, can you please just simply show 2 examples:
First, allow only the ports to be used by local subnets, which you set in your aliases.
Second, allow communication with the internet outside of pfSense with the ports which you set in the second alias.
-
@Antibiotic I never needed loopback rules for my system.
-
On WAN you only need to set what you want coming in. Anything originating from LAN that is approved will get out. So a VPN port, if needed, would be an example of a WAN rule. But I have only 1 WAN rule, everything else is blocked; my LAN has the rules.
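The behaviour described in the post above (rules are checked on the interface where traffic enters, replies ride on the state), as an added sketch that is not from any poster in this thread and is not pfSense code. The alias names, ports and subnets are hypothetical, and NAT is left out to keep the model small.

```python
import ipaddress

# Constructed, hypothetical values: alias names, ports and subnets are not from the thread.
ALIASES = {"LOCAL_PORTS": {53, 123}, "INTERNET_PORTS": {80, 443}}
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LOCAL_NETS = ipaddress.ip_network("192.168.0.0/16")

def from_lan(ip): return ip in LAN_NET
def to_local(ip): return ip in LOCAL_NETS
def to_internet(ip): return ip not in LOCAL_NETS

# Per-interface rule lists, checked top-down, first match wins.
RULES = {
    "LAN": [("pass", from_lan, to_local, "LOCAL_PORTS"),
            ("pass", from_lan, to_internet, "INTERNET_PORTS")],
    "WAN": [],  # no pass rules: unsolicited inbound traffic hits the default deny
}

def evaluate(iface, src, dst, port, states):
    """Decide a packet arriving on `iface`; `port` is the server-side port."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if (dst, src, port) in states:          # reply to a connection already passed
        return "pass (state)"
    for action, src_ok, dst_ok, alias in RULES[iface]:
        if src_ok(src) and dst_ok(dst) and port in ALIASES[alias]:
            if action == "pass":
                states.add((src, dst, port))  # remember the flow for its replies
            return action
    return "block (default deny)"

def demo():
    states = set()
    return [
        evaluate("LAN", "192.168.1.10", "203.0.113.5", 443, states),  # LAN rule 2
        evaluate("WAN", "203.0.113.5", "192.168.1.10", 443, states),  # reply, no WAN rule needed
        evaluate("LAN", "192.168.1.10", "203.0.113.5", 25, states),   # port not in alias
        evaluate("LAN", "192.168.1.10", "192.168.2.1", 53, states),   # LAN rule 1
        evaluate("WAN", "198.51.100.7", "192.168.1.10", 443, states), # unsolicited inbound
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```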
-
@Gertjan said in Firewall review:
(I presume you already removed the "LAN subnets" from Source)
Source LAN subnet going to the WAN gateway is a rule from the Netgate docs. Why do I need to remove the source?
I understand that a rule applies to the interface it belongs to, but can the LAN subnet be directed only to the WAN gateway or VPN gateway?
-
This is an image from what? LAN? WAN?
-
This is LAN, the first rule is anti-lockout on LAN))) It means it is possible to make a rule where a LAN rule goes to the WAN gateway
-
IMHO, rules look fine to me.
-
@Gertjan Yeah, I know they look fine because it's from the Netgate docs! I worry that, as mentioned above, you said that a rule with source LAN cannot be for WAN)))