Reject rule with any protocol?



  • 2.0-BETA5 (amd64)
    built on Wed Feb 16 23:27:05 EST 2011

    I just created a firewall rule with Action: reject, Protocol: any. pfSense used to complain that I must select TCP, UDP or TCP/UDP as the protocol when creating a reject rule. Is this a feature or a bug? I haven't had a chance yet to test the result of this new rule.



  • You can only reject TCP and UDP packets. Better to use Block anyway. Google: Block vs. Reject TCP

    Roy..

    Edit: It's OK to use Reject on your LAN rules but use Block on your WAN rules.



  • @rpsmith:

    Edit: It's OK to use Reject on your LAN rules but use Block on your WAN rules.

    Yeah, I'm working on the LAN rules. As for the WAN side, yeah, I've read a bunch of discussions and there doesn't appear to be a consensus.

    I'm still wondering why pfSense used to refuse to make a reject rule for any protocol, and now it does. Maybe the rule is interpreted as a block for non-TCP/UDP packets?



  • Not all protocols support a reject packet. A block rule doesn't require protocol support.

    Roy…
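The behaviour the thread is circling around is defined by the underlying packet filter, not by the pfSense GUI. The following pf.conf fragment is an added example for this thread, not rules posted by anyone above and not the exact ruleset pfSense generates; interface names, the 192.168.1.0/24 LAN and the 10.0.0.5 address are assumed values for illustration. Per pf.conf(5), `return` sends a TCP RST for TCP packets and an ICMP unreachable for UDP packets, and sends nothing for any other protocol, so a "reject any" rule silently drops non-TCP/UDP traffic exactly as a plain `block` would.

```conf
# Added example (not from the original posts): reject vs. block in pf.conf.
# Assumed interfaces and addresses: em0 = WAN, em1 = LAN, 192.168.1.0/24 = LAN subnet.

# LAN side: "reject" for TCP/UDP. A connecting client gets an immediate
# RST (TCP) or ICMP port-unreachable (UDP) instead of waiting for a timeout.
block return in on em1 proto { tcp udp } from 192.168.1.0/24 to 10.0.0.5 port 3389

# The same "reject" written with "proto any" (what the GUI now allows).
# For TCP and UDP this still returns RST / ICMP unreachable; for ICMP, GRE,
# ESP and everything else pf sends no response, i.e. it degrades to a plain drop.
block return in on em1 from 192.168.1.0/24 to 10.0.0.5

# WAN side: plain "block" (silent drop) for every protocol, so the firewall
# generates no reply packets toward unsolicited Internet traffic.
block in on em0

# Explicit per-protocol variants, for completeness:
block return-rst  in on em1 proto tcp from any to 10.0.0.5 port 23   # TCP only: RST
block return-icmp in on em1 proto udp from any to 10.0.0.5 port 161  # UDP: ICMP unreachable
```

When checking a ruleset like this, probe from the source host with a TCP connect to a rejected port and expect an immediate "connection refused"; a blocked port should instead hang until the client times out. Probing a non-TCP/UDP protocol through the "reject any" rule will look identical to the silent block, which is the practical answer to the question of how the rule is interpreted for those packets.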

