4 WANs - 7 LANs
-
I am new to pfSense, so please be patient.
I have set up pfSense with two interfaces: on the External interface I am running 4 WAN VLANs, and on the Internal interface I am running 7 VLANs.
My question is about Floating rules. I would prefer not to have to set up 7 rules that are the same and maintain them if I wanted to, for example, set up an Internet rule. So I am trying to use Floating rules, but it seems I have to use Quick Match on every rule, otherwise it skips to the end where I have a BLOCK ALL and log rule? If I am mistaken and just not using Floating rules correctly, please help.
For inbound on the WANs, I am using the actual interfaces to set up rules because they are mostly very different.
-
Rules on any interface other than Floating are automatically set to quick. Rules that aren't set to quick are not really useful for simple pass and drop rules, because they will continue to be compared to other rules. Floating rules are most commonly used for traffic shaping or mangling packets.
Perhaps a better way to accomplish what you are trying to do is to create an interface group with all your LANs, then apply your rules on the new virtual interface that corresponds to this group.
-
Ok cool, I didn't even know about the Interface Groups. A quick test reveals that the Interface Group rules get applied before the actual Interface rules which I can work with.
However, unless you use Quick Match on a Floating rule for inbound interfaces, it never gets applied. Is this correct?
-
However, unless you use Quick Match on a Floating rule for inbound interfaces, it never gets applied. Is this correct?
Not exactly. The first matching quick rule will apply for firewall rule purposes, but there are reasons (generally on match rules only) to use floating rules without quick. In general, unless you use quick, traffic will always match some later rule with quick, so the action, if it's pass/block/reject, will not be applied in that instance without quick.
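The evaluation order being discussed above can be checked with a small model. The following is an added example, not code from the thread or from pfSense itself: it simulates pf's rule evaluation (the last matching rule wins, unless a matching rule is marked quick, which ends evaluation at that rule) in the order pfSense loads the tabs (floating rules, then interface-group rules, then per-interface rules, with quick forced on the non-floating tabs), and runs the poster's scenario of seven LAN VLANs that each end in a logged block-all. The interface names, the group name `LANS` and the destination tag `internet` are constructed for the demo; real rules match on addresses and ports, which the model deliberately omits.

```python
# Toy model of pf rule evaluation as pfSense assembles it: floating rules
# first, then interface-group rules, then per-interface rules.  pf semantics:
# the last matching rule wins, unless a matching rule is marked "quick", which
# ends evaluation immediately.  pfSense sets quick on every non-floating rule.
# Interface names, the "LANS" group and the "internet" tag are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str              # "pass" or "block"
    on: str                  # "*" = floating (any interface), else interface or group name
    quick: bool = False
    dst: str = "*"           # "*" or a destination tag such as "internet"
    label: str = ""


@dataclass(frozen=True)
class Packet:
    iface: str               # interface the packet arrives on
    groups: frozenset        # interface groups that contain that interface
    dst: str


def _matches(rule: Rule, pkt: Packet) -> bool:
    on_ok = rule.on == "*" or rule.on == pkt.iface or rule.on in pkt.groups
    return on_ok and rule.dst in ("*", pkt.dst)


def evaluate(ruleset: list, pkt: Packet) -> tuple:
    """Return (action, label) for pkt under pf's last-match-wins plus quick.
    A packet that matches no rule is passed, which is pf's default."""
    winner = None
    for rule in ruleset:
        if not _matches(rule, pkt):
            continue
        winner = rule
        if rule.quick:
            break                       # quick: stop here, this rule decides
    return (winner.action, winner.label) if winner else ("pass", "pf default")


def build_ruleset(floating: list, group_rules: list, iface_rules: list) -> list:
    """Order the tabs the way pfSense loads them and force quick on the
    interface-group and per-interface tabs, as pfSense does automatically."""
    forced = [Rule(r.action, r.on, True, r.dst, r.label) for r in group_rules + iface_rules]
    return list(floating) + forced


# Scenario from the thread: seven LAN VLAN interfaces, each ending in a
# logged block-all, and one "allow Internet" rule the admin wants to write once.
LANS = [f"LAN_VLAN{n}" for n in range(1, 8)]
IFACE_RULES = [Rule("block", lan, label=f"{lan} block all + log") for lan in LANS]


def internet_via_floating(quick: bool) -> list:
    """Internet rule written as a floating rule, with or without quick."""
    floating = [Rule("pass", "*", quick, dst="internet", label="floating pass internet")]
    ruleset = build_ruleset(floating, [], IFACE_RULES)
    return [evaluate(ruleset, Packet(lan, frozenset({"LANS"}), "internet")) for lan in LANS]


def internet_via_group() -> list:
    """Same rule written once on an interface group holding all seven LAN VLANs."""
    group = [Rule("pass", "LANS", dst="internet", label="LANS group pass internet")]
    ruleset = build_ruleset([], group, IFACE_RULES)
    return [evaluate(ruleset, Packet(lan, frozenset({"LANS"}), "internet")) for lan in LANS]


if __name__ == "__main__":
    print("floating, no quick:", internet_via_floating(False)[0])   # block: later quick rule wins
    print("floating, quick:   ", internet_via_floating(True)[0])    # pass
    print("interface group:   ", internet_via_group()[0])           # pass
```

The non-quick floating pass is matched first, but the per-interface block-all is quick and matches later, so the block is what takes effect; marking the floating rule quick, or moving the pass to an interface group, makes the pass rule the first quick match. On a real box the ruleset pfSense actually generated, with the quick keywords it added, can be read in /tmp/rules.debug.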