Functionally equivalent iptables configuration in pfSense?



  • How might one implement functionally equivalent rules in pfSense? Is the layer 7 stuff possible? I'm not familiar enough outside Linux.

    -A INPUT -i eth0 -p udp --dport 5060 -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -i eth0 -p udp --dport 5060 -m string --string "REGISTER sip:mypbx.domain.tld" --algo bm -j ACCEPT
    -A INPUT -i eth0 -p udp --dport 5060 -j DROP
    -A INPUT -i eth0 -p udp --dport {RTP_Start_port}:{RTP_End_port} -j ACCEPT


  • Rebel Alliance Developer Netgate

    You can choose to block or queue based on a layer7 pattern, but not pass in that way. (Firewall > Traffic Shaper, Layer 7 tab)



  • I was afraid of that. Since the rules are RegEx... it wouldn't be hard to invert the condition and turn a block into an allow? I guess I have to play with it.

