Layer 7: allow only HTTP traffic

  • Hi,

    I would like to allow only HTTP traffic on port 80/tcp. No HTTPS or anything else. I think I need to check with Layer 7 if the traffic is HTTP. But I can only drop it in the window definition, not allow it.
    I know how to open TCP port 80 in the firewall rules, I see the advanced option for Layer7, but I don't understand how to configure all of this.
    I have a drop all policy, so I explicitly add the open rule, then there is a drop rule.



  • If you restrict your LAN rules to allow only port 80, you can do this layer7 filtering much better with Squid proxy in transparent mode.

  • OK for port 80. I'll check with transparent Squid.

    I was thinking it is better not to filter by ports but only by L7 protocols. In this case, imagine port 110 or something else, and then I would like to reject it if it is not the standard protocol. Is this possible with L7 in pfSense?

    Thanks for your efficient answer, I appreciate it!

  • You can apply rules to block protocols based on L7 rules, but I did not find in the L7 config a way to allow specific protocols and deny anything else.

  • Thanks for your answer. I didn't find anything either.
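
The thread ends on the gap between blocking known L7 patterns and allowing one protocol while denying the rest. As an added example (not from any of the posts, and not pfSense or Squid code), here is a default-deny check on the first client bytes of a port-80 connection; the function name, the method allowlist, the length cap and the sample payloads are assumptions constructed for illustration.

```python
import re

MAX_LINE = 8192  # assumed cap on request-line length before giving up
# Assumed allowlist. CONNECT is left out on purpose: it turns the
# connection into a tunnel for whatever protocol the client likes.
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}
# HTTP/1.x request line only: METHOD SP target SP version
REQUEST_LINE = re.compile(rb"([A-Z]+) (\S+) HTTP/1\.[01]")


def classify_first_bytes(payload: bytes) -> str:
    """Default-deny verdict for the first client bytes of a port-80 flow.

    Returns "allow" only for a well-formed HTTP/1.x request line,
    "need-more" while the line is still incomplete, otherwise "deny".
    """
    line, sep, _ = payload.partition(b"\r\n")
    # Ignore a trailing CR that is half of a CRLF still in flight.
    probe = line if sep else line.rstrip(b"\r")
    # A request line is printable ASCII; binary handshakes fail here at once.
    if len(probe) > MAX_LINE or any(b < 0x20 or b > 0x7E for b in probe):
        return "deny"
    if not sep:
        return "need-more"
    m = REQUEST_LINE.fullmatch(line)
    if m is None or m.group(1) not in ALLOWED_METHODS:
        return "deny"
    return "allow"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "http": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "partial": b"GET /index.ht",
    "tls": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "ssh": b"SSH-2.0-OpenSSH_9.6\r\n",
    "pop3": b"USER alice\r\n",
    "connect": b"CONNECT mail.example.com:110 HTTP/1.1\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:8} -> {classify_first_bytes(data)}")
```

Nothing has to be listed for the TLS, SSH or POP3 samples to be rejected: they fail because they are not an HTTP request line, which is the property a block-only pattern list cannot give.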