Netgate Discussion Forum

Allow/Block all except some rules and how to disable firewall?

    QuEsT147
    last edited by Jul 3, 2014, 6:13 AM

    Hi all

    I am new to pfSense, so here are two newbie questions :)

    1. On every firewall there should be a possibility to Allow or Block all traffic except some defined rules. How to achieve this in pfSense?

    2. Is it possible to disable firewall completely, for example for testing purposes? How can I do it?

    Thanks for help.

      Inderpreet
      last edited by Jul 3, 2014, 11:42 AM

      Hi,

      I am also new to pfSense. Maybe my reply can help you a -

      By default there is a LAN rule in pfSense which allows every request from every port from every host on the network, so simply you can say the firewall is by default disabled in pfSense initially.

      To allow or block all traffic except some defined rules, you can add your rules in Firewall - Rules from the pfSense dashboard.

        kpa
        last edited by Jul 3, 2014, 1:07 PM Jul 3, 2014, 1:04 PM

        No, the firewall is not disabled by default. It is on, but the default rules allow all incoming traffic on the LAN interface and allow all outgoing traffic on any interface. Incoming traffic on interfaces other than LAN is blocked by default. The default rules are crafted so that you have internet access from LAN hosts without changing anything in the firewall but still provide protection from attacks from outside.

        If you want to change this default behaviour to let's say block all by default and allow only selected LAN hosts/protocols/ports to connect, you'll have to change the firewall rules on the LAN interface and disable or delete the default pass all rule(s) and add your own rules.

          dotdash
          last edited by Jul 3, 2014, 1:55 PM

          To get back to the original question:

          1. The firewall is default deny. You need to adjust the rules to suit. Default configuration is machines on the LAN are allowed out and inbound traffic is denied. Go to firewall, rules to adjust.
          2. This can be done by going to advanced, firewall/nat. As it says, it also disables NAT.
            Cmellons
            last edited by Jul 3, 2014, 5:48 PM

            This is all you need to get started.

            https://doc.pfsense.org/index.php/Example_basic_configuration

            Also, to disable the firewall completely if you should happen to get locked out because of a bad firewall rule, just type pfctl -d in the console. It re-enables itself so there's no need to type pfctl -e after making the necessary changes.

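The behaviour discussed in this thread, modelled in Python as an added example (not part of the original posts and not pfSense code): rules on an interface are checked top to bottom, the first match decides, and traffic that matches no rule is blocked. The rule sets, addresses and ports below are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # source network in CIDR form; "0.0.0.0/0" means any
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # destination port; None means any


def evaluate(rules, src, proto, dport):
    """Decide traffic entering one interface: first match wins, else deny."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "block"  # nothing matched: implicit default deny


# Constructed model of the out-of-the-box state described in the thread.
DEFAULT = {
    "lan": [Rule("pass", "0.0.0.0/0")],  # default pass-all rule on LAN
    "wan": [],                           # no rules, so all inbound is blocked
}

# Constructed "block all except ..." setup: the pass-all rule is removed
# and replaced by narrow pass rules.
RESTRICTED = {
    "lan": [
        Rule("pass", "192.168.1.10/32", "tcp", 443),  # one host, HTTPS only
        Rule("pass", "192.168.1.0/24", "udp", 53),    # DNS for the whole LAN
    ],
    "wan": [],
}


def decide(ruleset, iface, src, proto, dport):
    """Look up the interface's rule list and evaluate the packet against it."""
    return evaluate(ruleset[iface], src, proto, dport)


if __name__ == "__main__":
    for name, rs in (("default", DEFAULT), ("restricted", RESTRICTED)):
        print(name, decide(rs, "lan", "192.168.1.50", "tcp", 443))
```

With the default set, any LAN host passes; with the restricted set, the same request from 192.168.1.50 is blocked because no pass rule covers it.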
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.