Securing pfsync

  • Hello all.

    Sitting here with an issue/question.

    Testing out pfSense to see if it can be used in my workplace network. The issue I got is if you make a dedicated network for pfsync will you have to place a block on all lan networks to the sync network to secure it from spoofing?



  • Rebel Alliance Developer Netgate

    You can just use rules on the pfsync interface to only allow from the pfsync subnet as a source.

    pf is smart enough to not forward spoofed packets if they enter the "wrong" interface.

Log in to reply