How do i allow http/https and block others in firewall



  • Could anyone help me with this settings in firewall so that all client only can access internet via port 80/443 not others



  • Create 3 rules on the LAN interface.

    One to allow access to port 80, one to allow access to port 443 and then the last to block all traffic not destined to the pfSense LAN IP.



  • how would be the 3ed rules? can you give me the details? i'm not very good at creating firewall rules :)



  • Create the rules on the LAN interface with all settings as default except where I specify below:

    First
    Destination port: 80
    Description: Allow port 80

    Second
    Destination port: 443
    Description: Allow port 443

    Third
    Action: Block
    Destination: not
    Destination type: LAN address
    Description: Block all not to pfSense host

    Create them in that order.  The first 2 allow connections only to web sites on 80 and 443 (which will deny access to many web sites that run on non-standard ports) and the last blocks any other connections that aren't to the pfSense LAN IP.



  • Egress filtering is a smart thing to do. I wish more people did this so SPAM and virus infections wouldn't be so successful.



  • Thanks :) Complete info….

    what is "Egress filtering is a smart thing to do." Egress??



  • Egress is another word for exit, used when talking about filtering the traffic leaving a network (as opposed to entering a network).



  • ok2.. :) understand :) to jargon to me…


Locked