Newbie to pFSense - Alias for all traffic external
-
Does anyone know how to make an alias for all traffic deemed "external"?
-
Does anyone know if this is even possible?
I use watchguard firewalls pretty exclusively and they have an any-external filter that I'd like to replicate for ease of use for our other admins. Would like to see if anyone had any idea's on how to make this work.
-
sure … you can make an alias call external and set a network up to be 0.0.0.0/0. If the gui will allow it. In pfSense, we just use "any" to denote internet (public and private).
-
0.0.0.0/0 isn't very acurate.
maybe make an alias for everything internal (RFC1819, maybe reserved address space, …) and do a negative match on that?
For the rule you would select that alias, but select the "not" tick box?
-
You can do that … works almost the same way only slightly better as it exclude private, but so does the default blocks on WAN. Alias and rules only allow /1 as the smallest. So you can do an alias called everything or what ever and add to ranges 0.0.0.0/1 and 128.0.0.0/1.
Really, just use "any" as it is the same thing. wait .. negative match on 255.255.255.255/32? :-D