Is there a rule to tell pfSense: Allow traffic to the Internet from this interface?
-
Sorry if this is probably a silly question for those who know the logic of pfSense well, I come from the Fortinet world and my ideas are a bit confused.
There is the possibility in pfSense to create a single rule in which I say: "everything that comes from the WiFiGuest Vlan can go to the Internet". (maybe a couple of rules if I have 2 WANs)
That traffic could implicitly not reach neither the LAN nor the other networks configured on the firewall.
Thank you
-
@sheprador
hey there,
in short:
first set rules that handle traffic to other LANs / VLANs (i.e. deny). Then (last rule in order) set like this:
pass(allow) source: from IF xy destination ANY Ports any (or as needed).At least that way it is working for me...
-
@sheprador said in Is there a rule to tell pfSense: Allow traffic to the Internet from this interface?:
There is the possibility in pfSense to create a single rule in which I say: "everything that comes from the WiFiGuest Vlan can go to the Internet". (maybe a couple of rules if I have 2 WANs)
Yes !
It's the default rule you've found on the LAN interface when you installed pfSense.Here are mine :
Forget about the first rule, it's a NAT NUT rule, useful if you have an UPS.
The second and third rule could be combined into one, but I've split them in 2 so I can see direct "how much IPv4 and how much IPv4". As soon as the IPv4 counters stays at "0" for a while, I can remove and disable IPv4 everywhere ^^
