Netgate Discussion Forum
    When we create a rule on Floating tab, should we always check the quick option?

    Firewalling
abdurrahman:

I create firewall rules on the Floating tab when I want to apply the rule on multiple interfaces…
The interesting thing is:
On the Floating tab, if a rule is created without the quick option, even if a packet matches that rule,
all of the rules below that rule are considered...
For example,
my 3rd rule is:
source: 10.10.1.250
destination: any
ports: any
action: pass
quick option: not selected

my 5th rule is:
source: any
destination: 195.x.x.x
ports: any
action: block

Even if a packet matches the 3rd rule, the rules below the 3rd rule (4, 5, 6...) are considered,
and for that reason when I try to connect to 195.x.x.x, the firewall considers the 5th rule and doesn't permit me to connect to 195.x.x.x.

But if I check the quick option for the 3rd rule, then if a packet matches the 3rd rule, the firewall omits the 5th rule...

When we create a rule on the Floating tab, should we always check the quick option?

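The behaviour described in the post, as an added model that is not from the thread: pf keeps the last matching rule unless a match carries `quick`, which stops evaluation at once. The rule numbering follows the post; rules 1, 2 and 4 and the 195.51.100.0/24 destination are constructed filler standing in for the unspecified rules and for 195.x.x.x.

```python
"""Toy model of pf rule evaluation for pfSense Floating rules (constructed).

Without 'quick' the LAST matching rule wins; a matching rule with 'quick'
ends evaluation immediately. Interface tabs add 'quick' implicitly, Floating
rules only get it when the Quick box is checked.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str          # "pass" or "block"
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    quick: bool = False  # the Floating tab's "Quick" checkbox


def _matches(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def evaluate(rules, src, dst, default="block"):
    """Return (action, 1-based rule index) pf would apply to a src->dst packet.

    Index 0 means no rule matched and the default (pfSense: deny) applies.
    """
    winner = (default, 0)
    for i, rule in enumerate(rules, start=1):
        if _matches(rule.src, src) and _matches(rule.dst, dst):
            winner = (rule.action, i)   # remember this match
            if rule.quick:              # quick: stop at first match
                break                   # no quick: keep going, last match wins
    return winner


def ruleset(quick_on_rule3: bool):
    """The post's rules 3 and 5; rules 1, 2, 4 are constructed filler."""
    return [
        Rule("pass", "any", "10.10.1.0/24"),                          # 1 (filler)
        Rule("pass", "any", "10.10.2.0/24"),                          # 2 (filler)
        Rule("pass", "10.10.1.250/32", "any", quick=quick_on_rule3),  # 3 (post)
        Rule("pass", "any", "10.10.3.0/24"),                          # 4 (filler)
        Rule("block", "any", "195.51.100.0/24"),                      # 5 (post)
    ]


if __name__ == "__main__":
    for q in (False, True):
        print(f"quick on rule 3 = {q}:", evaluate(ruleset(q), "10.10.1.250", "195.51.100.7"))
```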
cmb:

If you want the rule to immediately apply, yes.

abdurrahman:

Thanks a lot.

Source Book: pfSense: The Definitive Guide
Author(s): Christopher M. Buechler, Jim Pingle

Chapter 6. Firewall
6.1. Firewalling Fundamentals
6.1.1. Basic terminology

In pfSense, rulesets are evaluated on a first match basis. This means that if you read the ruleset for an interface from top to bottom, the first rule that matches will be the one used. Processing stops after reaching this match and then the action specified by that rule is taken.

The important point is that the rules on the Floating tab must be checked as quick if we want the basic terminology above to be true
(if we want the processing to stop after a packet matches a rule).

@cmb:

If you want the rule to immediately apply, yes.

cmb:

            Floating rules didn't exist at the time that was written. New book is coming soon.

panz:

              @cmb:

              Floating rules didn't exist at the time that was written. New book is coming soon.

Please insert in the book some examples of rules we can apply to OpenVPN connections with VPN providers (like: block all Internet traffic when the VPN is down; forward only the provider's DNS and/or prevent DNS leaks, etc.) ::)

              A step-by-step guide to all the configuration parameters needed to establish a reliable connection to a VPN provider would also be MUCH appreciated!
