How do i allow http/https and block others in firewall

syedadi · Jan 4, 2011, 6:49 AM

Could anyone help me with this settings in firewall so that all client only can access internet via port 80/443 not others

Cry Havok · Jan 4, 2011, 11:23 AM

Create 3 rules on the LAN interface.

One to allow access to port 80, one to allow access to port 443 and then the last to block all traffic not destined to the pfSense LAN IP.

syedadi · Jan 4, 2011, 2:18 PM

how would be the 3ed rules? can you give me the details? i'm not very good at creating firewall rules :)

Cry Havok · Jan 4, 2011, 4:03 PM

Create the rules on the LAN interface with all settings as default except where I specify below:

First
Destination port: 80
Description: Allow port 80

Second
Destination port: 443
Description: Allow port 443

Third
Action: Block
Destination: not
Destination type: LAN address
Description: Block all not to pfSense host

Create them in that order. The first 2 allow connections only to web sites on 80 and 443 (which will deny access to many web sites that run on non-standard ports) and the last blocks any other connections that aren't to the pfSense LAN IP.

tommyboy180 · Jan 4, 2011, 7:26 PM

Egress filtering is a smart thing to do. I wish more people did this so SPAM and virus infections wouldn't be so successful.

syedadi · Jan 5, 2011, 5:03 AM

Thanks :) Complete info….

what is "Egress filtering is a smart thing to do." Egress??

Cry Havok · Jan 5, 2011, 8:52 AM

Egress is another word for exit, used when talking about filtering the traffic leaving a network (as opposed to entering a network).

syedadi · Jan 5, 2011, 3:05 PM

ok2.. :) understand :) to jargon to me…