Firewall Basics



  • Hi everyone,

    This is just a quick, short post on the pfSense Firewall setup and my trials and tribulations with it.

    In my scenario, I have 4 local networks of which I would like 3 to communicate with each other. (1 being a guest internet access network).

    Once I got through the basic setup hosted on a virtualized platform (which was very easy and smooth btw) I set static ip's on a few pc's being on different subnets to test but could not get them to communicate if they were on any network other than the default setup LAN network.
    The reason was that the only firewall rules that were created were on the default LAN interface. the "OPT" interfaces had no rules.

    So what i did was create a simple allow rule on an OPT interface that stated all IPv4 traffic is allowed.

    I then did the same on all other networks bar the guest network.

    On the guest network I created 3 rules specifying [insert any otherlocal  interface] on any port is disallowed. This ended up with three similar rules. The final rule was to allow all traffic anywhere.
    The final rule does not actually allow all traffic anywhere as the pfSense firewall operates on a "First Matched" rule. Meaning, if a rule matches a given scenario before the final "Allow all" rule, the rule will be applied (Which is great once you figure that out).

    Once this was complete, I now have 4 networks, 3 being able to communicate with each other and one guest network only allowing internet traffic.

    I know this isn't the best write up but I just wanted to quickly jot down my experience thinking others may of had similar issues.
    It would be nice if the same default rules created on the LAN network were created on OPT networks but this does not seem to be the case.

    If you have any questions, leave a post below and I will try by best to answer.

    Happy networking,

    Curtis.



  • The picture below is miss leading. There is a block all rule above a allow all rule. The block all will not allow any traffic through despite the allow all. Please edit your post with the correct screen shot and more details for the rules.


Log in to reply