Netgate Discussion Forum

    Layer 7: allow only HTTP traffic

    5 Posts 2 Posters 2.1k Views
      dominique.fournier

      Hi,

      I would like to allow only HTTP traffic on port 80/tcp. No HTTPS or anything else. I think I need to check with Layer 7 whether the traffic is HTTP. But I can only drop it in the definition window, not allow it.
      I know how to open TCP port 80 in the firewall rules, and I see the advanced option for Layer 7, but I don't understand how to configure all of this.
      I have a drop-all policy, so I explicitly add the open rule, then there is a drop rule.

      Thanks

      Dom

      2.1 (amd64)

        marcelloc

        If you restrict your lan rules to allow only port 80, you can do this layer7 filtering much better with squid proxy in transparent mode.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          dominique.fournier

          OK for port 80. I'll check by transparent squid.

          I was thinking it is better not to filter by port but only by L7 protocol. In that case, take port 110 or something else: I would like to reject the traffic if it is not the standard protocol. Is this possible with L7 in pfSense?

          Thanks for your efficient answer, I appreciate it!

          2.1 (amd64)

            marcelloc

            You can apply rules to block protocols based on L7 rules, but I did not find in the L7 config a way to allow specific protocols and deny anything else.

            Elite Training: http://sys-squad.com

            Help a community developer! ;D

              dominique.fournier

              Thanks for your answer. I didn't find anything either.

              2.1 (amd64)
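
The thread ends on the gap between blocking a matched protocol and passing only the expected one. The sketch below shows that allow-list decision (pass the expected protocol on a port, block everything else) as an added example; it is not from the posts or from pfSense, and the patterns, function names and sample payloads are constructed for illustration.

```python
import re

# HTTP/1.x request line: method SP request-target SP HTTP-version CRLF
REQUEST_LINE = re.compile(rb"^[A-Z]{3,16} \S{1,8000} HTTP/1\.[01]\r\n")
# POP3 client commands (RFC 1939 plus the CAPA/STLS/AUTH extensions)
POP3_COMMAND = re.compile(
    rb"^(USER|PASS|APOP|AUTH|CAPA|STLS|STAT|LIST|RETR|DELE|NOOP|RSET|TOP|UIDL|QUIT)"
    rb"\b[^\r\n]{0,250}\r\n",
    re.IGNORECASE,
)

# Allow-list: destination port -> pattern the first client bytes must match.
# A port that is not listed, or a payload that fails its pattern, is blocked.
EXPECTED = {80: ("http", REQUEST_LINE), 110: ("pop3", POP3_COMMAND)}


def describe(payload: bytes) -> str:
    """Best-effort label for rejected traffic, used for logging only."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls-handshake"
    if payload.startswith(b"SSH-"):
        return "ssh-banner"
    return "unknown"


def decide(dst_port: int, first_bytes: bytes) -> tuple[str, str]:
    """Return (action, label); 'pass' only for the protocol expected on dst_port."""
    expected = EXPECTED.get(dst_port)
    if expected is None:
        return "block", "port-not-allowed"
    name, pattern = expected
    if pattern.match(first_bytes):
        return "pass", name
    return "block", describe(first_bytes)


# Constructed samples: the first bytes a client sends after the TCP handshake.
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS ClientHello on port 80
    (80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (110, b"USER dom\r\n"),
    (110, b"GET / HTTP/1.1\r\n\r\n"),                        # HTTP on the POP3 port
    (443, b"GET / HTTP/1.1\r\n\r\n"),                        # port not on the allow-list
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, decide(port, data))
```

Matching only the first bytes confirms how a connection starts, not that the rest of the stream stays in that protocol; a proxy such as squid parses each request in full, which is why it was suggested for port 80.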
