4. Layer 7 : allow only HTTP trafic

Layer 7 : allow only HTTP trafic

  • D

    Hi,

    I would like to allow only HTTP traffic on port 80/tcp. No HTTPS or else. I think I need to check with Layer 7 if the traffic is HTTP. But I can only drop it in the window definition, not allow it.
    I know how open the TCP port 80 in the firewall rules, I see the advanced option for Layer7, but I don't understand how configure all af this.
    I have a drop all policy, so I explicitly add the open rule, then there is a drop rule.

    Thanks

    Dom

    0

  • If you restrict your lan rules to allow only port 80, you can do this layer7 filtering much better with squid proxy in transparent mode.

    0
  • D

    OK for port 80. I'll check by transparent squid.

    I was thinking it is better to not filter by ports but only by L7 protocols. In this case, imagine the port 110 or something else, and then, I would like to reject if it is not the standard protocol. Is this possible with L7 in PFsense ?

    Thanks for your efficient answer, I appreciate !

    0

  • You can apply rules to block protocols based on L7 rules, but I did not found on l7 config a way to allow a specific protocols and deny anything else.

    0
  • D

    Thanks for your answer. I didn't find anything too.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy