4. Floating Rules Direction confusion

Floating Rules Direction confusion

  • N

    Hello,

    On the "Floating Rules" page, when we edit a floating rule, we can choose the interface and the direction.
    Now, under the list of interfaces available to choose from, there is the description "Choose on which interface packets must come in to match this rule."

    1. Is this correct, ie, the floating rules only apply to incoming packets?
    2. If this is true, then what's the function of the "Direction" (in, out, any)?
    3. For the sake of understanding, what happens if I choose an interface, for example, the WAN interface (this means packets incoming on this interface according to the description above) and then specify the "Out" direction?

    Can someone please clarify?

    0
  • Rebel Alliance Developer Netgate

    The description isn't quite right there. The text is shared with the other firewall tabs so some things are generalized.

    The direction option controls which direction the rule matches, as expected.

    For #3, the packet is matched when leaving WAN, just like it implies. Note that NAT has happened before the rules apply so you can't match on a private IP source that has gone through NAT, you have to match on the destination or the translated source.

    0
  • N

    Thanks for the clarification.

    Given that I don't do NAT on my pfSense, so the rule should match on a private source IP.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy