Functionally equivalent iptables configuration in pfSense?
-
How might one implement functionally equivalent rules in pfSense? Is the layer 7 stuff possible? I'm not familiar enough outside Linux.
-A INPUT -i eth0 -p udp --dport 5060 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p udp --dport 5060 -m string --string "REGISTER sip:mypbx.domain.tld" --algo bm -j ACCEPT
-A INPUT -i eth0 -p udp --dport 5060 -j DROP
-A INPUT -i eth0 -p udp --dport {RTP_Start_port}:{RTP_End_port} -j ACCEPT
-
You can choose to block or queue based on a layer7 pattern, but not pass in that way. (Firewall > Traffic Shaper, Layer 7 tab)
-
I was afraid of that. Since the rules are RegEx?… it wouldn't be hard to invert the condition and turn a block into an allow? I guess I have to play with it.