Configure pfSense to run stateless
-
I know this kind of goes against the design of pfSense, and I may end up answering my own question because of that, but I am wondering if it's at all possible. Basically, I would prefer to run the firewall open (allow all from all in both directions) but let Snort perform automatic blocking based on the categories I select, which requires the firewall to be enabled. However, when the firewall is running, it blocks SIP and other ports certain machines are using for various applications. A pfSense box further downstream would perform the stateful inspection for network segments that require the additional filtering. I could do this without pfSense by building my own box, but the features in pfSense beyond Snort would also be in use. Any ideas are appreciated.
-
Ugh, why? What, specifically, are you trying to "fix" by doing this?
-
I guess I shouldn't have said I want to run stateless. I wish to disable the default firewall ruleset, which blocks SIP registration (the most frequent issue) and other client services/applications running on their machines.
-
You probably want this:
http://doc.pfsense.org/index.php/Static_Port
-
Yes, agreed! I did this, and my SIP problems all went away.