Default - all closed or all open? (A question of policy)

  • I have a firewall running with two wan interfaces and two lan interfaces. I have had a hard time getting things set up so that all traffic between the lan interfaces is blocked. I think I finally got it.

    So to me, it seems like pfSense has a policy of defaulting to all open. Is this correct?

    And if it is correct, would it not be better to have a policy of all closed so whatever you want to do, you specifically have to open for it?

  • Nope - Unless a rule passes traffic, it's blocked.

    Default is drop silently.

  • LAYER 8 Global Moderator

    Depends how you look at it. Yes, by default outbound from the 1st lan network is open. Inbound from the wan is blocked.

    If you add a new lan interface, say lan2, the default is blocked outbound. But from lan1 to lan2 it would be open.

  • ^^^^ True - But if the 1st LAN had no pass rule, NEWBS like me would be locked out at install and begging johnpoz for help to get in  ;D
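
The defaults described in this thread can be reproduced with a small model of per-interface, first-match rule evaluation with an implicit final block. This is an added example, not part of the original posts and not pfSense code; the networks, addresses and function names are constructed for illustration, and state tracking, floating rules and the anti-lockout rule are not modelled.

```python
import ipaddress

# Constructed example networks (assumptions, not from the thread).
NETS = {"lan1": "192.168.1.0/24", "lan2": "192.168.2.0/24"}

def rule(action, src, dst):
    return {"action": action, "src": src, "dst": dst}

def matches(spec, ip):
    # "any" matches everything; otherwise test network membership.
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rulesets, iface, src_ip, dst_ip):
    """Check the rules of the interface the packet enters on, top down.
    The first matching rule decides; with no match the packet is blocked."""
    for r in rulesets.get(iface, []):
        if matches(r["src"], src_ip) and matches(r["dst"], dst_ip):
            return r["action"]
    return "block"  # implicit default deny

def default_rulesets():
    # Fresh install as described above: only the first LAN has a pass rule.
    return {
        "wan": [],
        "lan1": [rule("pass", NETS["lan1"], "any")],
        "lan2": [],
    }

def isolated_rulesets():
    # Hypothetical fix for the original question: block LAN-to-LAN above
    # the pass rules, so the block is matched first.
    rs = default_rulesets()
    rs["lan1"].insert(0, rule("block", NETS["lan1"], NETS["lan2"]))
    rs["lan2"] = [rule("block", NETS["lan2"], NETS["lan1"]),
                  rule("pass", NETS["lan2"], "any")]
    return rs

if __name__ == "__main__":
    flows = [("lan1", "192.168.1.10", "192.168.2.20"),   # lan1 -> lan2
             ("lan2", "192.168.2.20", "203.0.113.5"),    # lan2 -> internet
             ("wan", "203.0.113.5", "192.168.1.10")]     # inbound from wan
    for name, rs in (("default", default_rulesets()),
                     ("isolated", isolated_rulesets())):
        for iface, src, dst in flows:
            print(name, iface, src, "->", dst, evaluate(rs, iface, src, dst))
```

Rule order matters in the isolated set: if the block rule sat below the pass-to-any rule on lan1, it would never be reached.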
