Reject rule with any protocol?
-
2.0-BETA5 (amd64)
built on Wed Feb 16 23:27:05 EST 2011
I just created a firewall rule with Action:reject, Protocol:any. pfSense used to complain that I must select TCP, UDP or TCP/UDP as the protocol when creating a reject rule. Is this a feature or a bug? I haven't had a chance yet to test the result of this new rule.
-
You can only reject TCP and UDP packets. Better to use Block anyway. Google: Block vs. Reject TCP
Roy..
Edit: It's OK to use Reject on your LAN rules but use Block on your WAN rules.
-
Edit: It's OK to use Reject on your LAN rules but use Block on your WAN rules.
Yeah, I'm working on the LAN rules. As for the WAN side, yeah, I've read a bunch of discussions and there doesn't appear to be a consensus.
I'm still wondering why pfSense used to refuse to make a reject rule for any protocol, and now it does. Maybe the rule is interpreted as a block for non-TCP/UDP packets?
-
Not all protocols support a reject packet. A block rule doesn't require protocol support.
Roy…