What do you think of my firewall rules?
-
Hi!
What do you think about my firewall rules? VLAN20 is my guest network and I don't want them to be able to reach my vlans internally and so may only go to the internet. The subnet for guest is 10.10.20.0/24
-
One rule less
-
@laurens-DS said in What do you think of my firewall rules?:
One rule less
Remove another rule :
as it is 100 % useless.
edit : on the other hand, consider adding a rule that allows VLAN20 pfSense LAN IP, so DNS (NTP ?) VLAN20 devices can use these services.
-
@Gertjan Anything that has to each other in the subnet will not pass on the firewall so the rule is probably not needed only I wonder if the block of RC1918 will block traffic going to the gateway (10.10.20.1).
-
@laurens-DS
What is "VLAN20 subnets" ?
Is it {10.0.0.0/8,172.16.0.0/16, 192.168.0.0/16} ?
Or is that "RFC1918" ?10.10.20.1 is part of RFC1918.
-
@Gertjan VLAN20 = 10.10.20.0/24
RFC1918 :- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
-
@laurens-DS
Ok, I get it "VLAN20 subnets" is a pfSense Interface alias
Your rule 2 :
change the green "VLAN20 subnets" for "VLAN20 address".
