SHould a FTP client be able to get out by default?
I have read that PFSense blocks all ports by default.
When I use Filezilla, it seems to be able to get out with me having to create a rule to open port 21.
Is this normal or did I mis-set something on my network?
Outbound from internal (LAN) network to WAN (Internet) is allowed by default. there is a rule under for your lan inf, it says defualt lan to any, this means the LAN clients can access any and everything.
Inbound is blocked by default, nothing is allowed in.
What are you trying to do?
Well, my email required me opening a port, as did ping and DNS, figured everything was blocked.
that makes no sense. something must have gotten set wrong.
Talking about "opening a port" is inaccurate if direction of the connection is left out. Like said by others, pfSense by default blocks all incoming connections on WAN interface and allows all incoming connections (which are usually also outgoing connections to the internet from the point of the client) on LAN. You have to give us more details of what you're doing.
Ok, I am using an FTP client and connecting to sites on the internet to transfer files.
When I used my email program to get emails, I had to open 995, to send 25, to get webpages with my browser 80, shouldn't I have had to set up a rule to open 21 before I should have been able to transfer files with my FTP client?
If you enabled the FTP proxy, it adds a rule that lets FTP out.