Can i map fw rules to interfaces?



  • Hi,

    As I wrote in the topic, can I map fw rules to interfaces? I have 5 VLANs and I want to limit
    telnet/ssh access to my mgmt VLAN. When I put rules in the mgmt VLAN rule set tab which allow
    telnet and ssh from some VLANs and drop all other traffic, it won't work. I have a prod net rule
    allowing any to any, so it matches this and there seems to be no rule check in mgmt net. When
    I make an http connection to the mgmt net, it goes through. If pfSense looks only at incoming traffic,
    then those tabs are quite useless in a bigger environment (I think). Any suggestion how I resolve
    this?

    Br,

    Ville



  • You are allowing "prod net rule allow any to any" - your firewall is doing exactly that!
    Change the rule to "allow any to !mgmt"….



  • FYI:

    ! = NOT, for the non-programmer geeks.



  • @althornin:

    You are allowing "prod net rule allow any to any" - your firewall is doing exactly that!
    change the rule to "allow any to !mgmt"….

    Yes, I know this, but I'd like to know whether I can map rules to interfaces. E.g. the packet flow
    would be something like this:

    Packet in Int1 -> Check against Int1 rules -> Packet routed to Int2 -> Check against Int2 rules.

    If this is not possible, I think I'll try to modify that Firewall: Rules page so that I can see all my rules
    on one page (like Checkpoint). I think this way I can get a cleaner picture of how my fw rules are checked.

    Br,

    Ville
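
    The behaviour this thread is about, as an added example (not code from the thread, and not
    pfSense's or pf's own code): a small Python model of how pfSense evaluates interface rule
    tabs. Rules are consulted only on the tab of the interface a packet ENTERS, first match wins,
    and anything unmatched hits the implicit default deny; the tab of the interface the packet is
    later routed OUT of is never consulted, which is the flow Ville sketches above but with the
    second check missing. The subnets, host addresses and rule sets below are constructed
    assumptions (the thread names none); BROKEN is the poster's layout, FIXED is althornin's
    "allow any to !mgmt" placed on the tab where the clients actually are.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed addressing (assumption; the thread gives no subnets).
PROD = ip_network("10.0.10.0/24")   # the wide-open "prod net"
MGMT = ip_network("10.0.99.0/24")   # the management VLAN to protect
ANY = ip_network("0.0.0.0/0")
IFACES = {"prod": PROD, "mgmt": MGMT}  # interface tab -> directly attached network


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    proto: Optional[str] = None  # None = any protocol
    dport: Optional[int] = None  # None = any destination port
    not_dst: bool = False        # the "!" / "not" option on the destination field

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if pkt.src not in self.src:
            return False
        dst_hit = pkt.dst in self.dst
        return dst_hit != self.not_dst  # "!" inverts only the destination test


def ingress_iface(pkt: Packet) -> str:
    """The tab pfSense consults: the interface the packet arrives on."""
    for name, net in IFACES.items():
        if pkt.src in net:
            return name
    raise ValueError("no interface owns the source address")


def evaluate(rulesets: Dict[str, List[Rule]], pkt: Packet) -> Tuple[str, str, Optional[int]]:
    """Return (verdict, tab consulted, index of the matching rule or None).

    Only the ingress tab is walked, top to bottom, first match wins. No match
    means the implicit default deny. The egress interface's tab is never read.
    """
    iface = ingress_iface(pkt)
    for i, rule in enumerate(rulesets.get(iface, [])):
        if rule.matches(pkt):
            return rule.action, iface, i
    return "block", iface, None


# The poster's layout: restrictions on the MGMT tab, "allow any to any" on PROD.
BROKEN = {
    "prod": [Rule("pass")],
    "mgmt": [
        Rule("pass", src=PROD, dst=MGMT, proto="tcp", dport=22),
        Rule("pass", src=PROD, dst=MGMT, proto="tcp", dport=23),
        Rule("block"),
    ],
}

# althornin's fix: the ssh/telnet allows and "allow any to !mgmt" live on the
# PROD tab, because PROD is where this traffic enters the firewall.
FIXED = {
    "prod": [
        Rule("pass", src=PROD, dst=MGMT, proto="tcp", dport=22),
        Rule("pass", src=PROD, dst=MGMT, proto="tcp", dport=23),
        Rule("pass", dst=MGMT, not_dst=True),   # allow any to !mgmt
    ],
    "mgmt": [Rule("pass")],
}

# Constructed sample traffic from a prod host.
HTTP_TO_MGMT = Packet(ip_address("10.0.10.5"), ip_address("10.0.99.10"), "tcp", 80)
SSH_TO_MGMT = Packet(ip_address("10.0.10.5"), ip_address("10.0.99.10"), "tcp", 22)
HTTPS_OUT = Packet(ip_address("10.0.10.5"), ip_address("198.51.100.7"), "tcp", 443)

if __name__ == "__main__":
    for label, rs in (("broken", BROKEN), ("fixed", FIXED)):
        for pkt in (HTTP_TO_MGMT, SSH_TO_MGMT, HTTPS_OUT):
            print(label, pkt.dst, pkt.dport, evaluate(rs, pkt))
```

    With BROKEN the http connection to the mgmt net is passed by PROD rule 0 and the MGMT tab
    is never looked at, which is exactly what the poster saw. With FIXED the same packet falls
    through all three PROD rules and is dropped by the default deny, ssh to mgmt is passed by
    rule 0, and ordinary outbound traffic is passed by the "!mgmt" catch-all. The practical rule:
    to protect a network, write the restrictions on the tabs of the interfaces the clients sit on.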

