    Can I map fw rules to interfaces?

    Firewalling
    • vleinone last edited by

      Hi,

      As I wrote in the topic: can I map fw rules to interfaces? I have 5 VLANs and I want to limit
      telnet/ssh access to my mgmt VLAN. When I put rules in the mgmtvlan rule set tab, which allow
      telnet and ssh some VLANs and drop all other traffic, it won't work. I have a prod net rule
      allow any to any, so it matches this and there seems to be no rule check in mgmtnet. When
      I make an http connection to the mgmt net, it passes. If pfSense looks only at incoming traffic,
      then those tabs are quite useless in a bigger environment (I think). Any suggestion how I resolve
      this?

      Br,

      Ville

      • althornin last edited by

        You are allowing "prod net rule allow any to any" - your firewall is doing exactly that!
        Change the rule to "allow any to !mgmt"…

        • sullrich last edited by

          FYI:

          ! = NOT for the non programmer geeks.

          • vleinone last edited by

            @althornin:

            You are allowing "prod net rule allow any to any" - your firewall is doing exactly that!
            Change the rule to "allow any to !mgmt"…

            Yes, I know this, but I'd like to know: can I map rules to interfaces? E.g. the packet flow
            is something like this:

            Packet in Int1 -> Check against int1 rules -> Packet routed to Int2 -> Check against Int2 rules.

            If this is not possible, I think I'll try to modify that Firewall: Rules page so that I can see all my rules
            on one page (like Checkpoint). I think this way I can get a cleaner picture of how my fw rules are checked.

            Br,

            Ville
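
An added example, not part of any post in this thread: a small Python model of the behaviour discussed above, where a packet is checked only against the rule tab of the interface it arrives on, first match wins, and unmatched traffic is blocked. The network addresses, the `Rule` class and the `evaluate` helper are constructed for illustration, and the mgmt tab is simplified to port-only rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample networks; the thread does not give the real addressing.
NETS = {
    "prod": ipaddress.ip_network("10.0.10.0/24"),
    "mgmt": ipaddress.ip_network("10.0.99.0/24"),
}

@dataclass
class Rule:
    action: str                 # "pass" or "block"
    dst: str = "any"            # "any", a key in NETS, or "!<key>" for NOT
    port: Optional[int] = None  # None matches every destination port

    def matches(self, dst_ip, dport):
        if self.port is not None and self.port != dport:
            return False
        if self.dst == "any":
            return True
        negate = self.dst.startswith("!")
        inside = ipaddress.ip_address(dst_ip) in NETS[self.dst.lstrip("!")]
        return inside != negate  # "!" inverts the network match

def evaluate(rulesets, in_iface, dst_ip, dport):
    """Consult only the tab of the interface the packet ARRIVES on;
    first matching rule wins, no match means block (default deny)."""
    for rule in rulesets.get(in_iface, []):
        if rule.matches(dst_ip, dport):
            return rule.action
    return "block"

# The setup from the first post: restrictive mgmt tab, any-to-any on prod.
original = {
    "prod": [Rule("pass")],
    "mgmt": [Rule("pass", port=22), Rule("pass", port=23), Rule("block")],
}
# The suggested change: prod may reach anything except the mgmt network.
fixed = {**original, "prod": [Rule("pass", dst="!mgmt")]}

def http_from_prod_to_mgmt(rulesets):
    # The mgmt tab is never consulted here: the packet enters on prod.
    return evaluate(rulesets, "prod", "10.0.99.5", 80)
```

With the `!mgmt` rule alone, ssh from prod to mgmt is blocked as well, so any VLAN that should reach mgmt over ssh needs an explicit pass rule above it on its own tab.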
