Layer 7 : allow only HTTP trafic

Firewalling
Log in to reply
  • D

    Hi,

    I would like to allow only HTTP traffic on port 80/tcp. No HTTPS or else. I think I need to check with Layer 7 if the traffic is HTTP. But I can only drop it in the window definition, not allow it.
    I know how open the TCP port 80 in the firewall rules, I see the advanced option for Layer7, but I don't understand how configure all af this.
    I have a drop all policy, so I explicitly add the open rule, then there is a drop rule.

    Thanks

    Dom

    0
  • marcelloc

    If you restrict your lan rules to allow only port 80, you can do this layer7 filtering much better with squid proxy in transparent mode.

    0
  • D

    OK for port 80. I'll check by transparent squid.

    I was thinking it is better to not filter by ports but only by L7 protocols. In this case, imagine the port 110 or something else, and then, I would like to reject if it is not the standard protocol. Is this possible with L7 in PFsense ?

    Thanks for your efficient answer, I appreciate !

    0
  • marcelloc

    You can apply rules to block protocols based on L7 rules, but I did not found on l7 config a way to allow a specific protocols and deny anything else.

    0
  • D

    Thanks for your answer. I didn't find anything too.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy