Which rules are absolutely necessary?
-
Hi everybody,
Thanks to the help I got on this forum, I now have a PFSense machine up and running just like I wanted. I use it as a router/gateway in our network, and it's working fine.
I'm in the hotel business, and what we want is to give our clients a "like home" experience. There will be no internal server or other critical equipment on our local network, just the client machines and obviously the network hardware (access points, switch and PFSense). Considering this, which kind of rules should I set up? Basically I do not care what happens on the client machines (it is their responsibility). My main concern is to keep the network running.
Maybe blocking communication between LAN machines is a good thing to prevent the spread of malware should one client be infected? As you can guess, I'm very junior to firewalling!
Thanks
-
In the typical installation, if LAN machines are communicating with each other, they do so through a switch, and the switch is uplinked to the pfsense router/firewall.
What this means is that pfsense does not participate in LAN machine to machine communication, and any rules you put in place to restrict such communication are meaningless.
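The point made in the reply above, as an added example that is not part of the original post: a flow only reaches the firewall's rules if it is addressed to the firewall or has to be routed by it. The interface names and addresses below are constructed for illustration (the thread gives none), and the second `GUEST` segment is a hypothetical addition to show the contrast with same-subnet traffic.

```python
import ipaddress

# Constructed sample: firewall interface addresses (assumed, not from the thread).
FIREWALL_IFACES = {
    "LAN": ipaddress.ip_interface("192.168.1.1/24"),
    "GUEST": ipaddress.ip_interface("192.168.20.1/24"),  # hypothetical second segment
}

def segment_of(addr, ifaces):
    """Return the name of the firewall interface whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, iface in ifaces.items():
        if ip in iface.network:
            return name
    return None

def classify_flow(src, dst, ifaces=FIREWALL_IFACES):
    """Say whether firewall rules get a chance to act on a flow from src to dst."""
    dst_ip = ipaddress.ip_address(dst)
    if any(dst_ip == iface.ip for iface in ifaces.values()):
        return "to-firewall"   # addressed to the firewall itself, so it sees the packet
    src_seg = segment_of(src, ifaces)
    dst_seg = segment_of(dst, ifaces)
    if src_seg is not None and src_seg == dst_seg:
        # Same subnet: the sender resolves the peer's MAC address and the switch
        # delivers the frame directly. The firewall is never in the path.
        return "switched"
    return "routed"            # crosses the firewall, so its rules apply

# Constructed sample flows (source, destination).
FLOWS = [
    ("192.168.1.10", "192.168.1.20"),   # guest laptop to guest laptop
    ("192.168.1.10", "192.168.20.5"),   # LAN to the hypothetical GUEST segment
    ("192.168.1.10", "8.8.8.8"),        # LAN to the internet
    ("192.168.1.10", "192.168.1.1"),    # LAN to the firewall's own address
]

def report(flows, ifaces=FIREWALL_IFACES):
    """Classify each (src, dst) pair and return (src, dst, verdict) tuples."""
    return [(s, d, classify_flow(s, d, ifaces)) for s, d in flows]

if __name__ == "__main__":
    for src, dst, verdict in report(FLOWS):
        print(f"{src:>14} -> {dst:<14} {verdict}")
```

Flows reported as `switched` can only be restricted on the switch or access points themselves, which is where isolation between client machines has to be configured.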
-
Well, a hotel networking / firewalling scenario would typically be quite complex, because most hotels prefer to share the networking infrastructure (access points, cabling) and Internet link(s) to satisfy both their own needs and guests. E.g. both hotel staff and guests will use the same Wifi access points but on different SSIDs.
Also depending on your location (US, EU), there may also be legal requirements you have to comply with.
-
Thanks for your answer - good remark concerning the switch, I'll also look into that. In our hotel there is no need for special network rules for the staff, since there is no local server for reservation/check in/out, etc.
I've read that PFSense is a stateful firewall. Does that mean that, without any configuration, it will block "new" (like TCP SYN) incoming connections?