Egress filtering - firewall on traffic exiting the interface



  • Hello,

    How can a rule be created to take effect on traffic 'leaving' the interface?

    Reason is quite simple.

    In an ISP scenario where you have loads of VLANs on the router - one for each client - setting up rules on 'inbound traffic' is ineffective. You cannot assume that everything within the firewall is safe.

    End result is that you need to set up rules that take place for traffic sourced from 'anywhere' but heading 'outward' from the interface to the client's local subnet.

    This is achieved under Vyatta by simply binding the rule set to the 'out' chain.

    Does this functionality exist under pfSense?

    Rob


  • Rebel Alliance Developer Netgate

    You can do this on 2.0 with rules on the Floating tab.

