Newbie to pFSense - Alias for all traffic external



  • Does anyone know how to make an alias for all traffic deemed "external"?



  • Does anyone know if this is even possible?

    I use watchguard firewalls pretty exclusively and they have an any-external filter that I'd like to replicate for ease of use for our other admins. Would like to see if anyone had any idea's on how to make this work.



  • sure … you can make an alias call external and set a network up to be 0.0.0.0/0. If the gui will allow it. In pfSense, we just use "any" to denote internet (public and private).



  • 0.0.0.0/0 isn't very acurate.

    maybe make an alias for everything internal (RFC1819, maybe reserved address space, …) and do a negative match on that?

    For the rule you would select that alias, but select the "not" tick box?



  • You can do that … works almost the same way only slightly better as it exclude private, but so does the default blocks on WAN. Alias and rules only allow /1 as the smallest. So you can do an alias called everything or what ever and add to ranges 0.0.0.0/1 and 128.0.0.0/1.

    Really, just use "any" as it is the same thing. wait .. negative match on 255.255.255.255/32? :-D


Locked