Which outbound traffic?



  • Hello,

    I'm locking down outbound traffic, which works great.

    Some applications have no good documentation, so you have to find out which port(s) they use.

    Is there any way to quickly find the blocked traffic?

    Thanks again!

    Martijn



  • Everything that hits the default deny rule will be in the firewall log. If you add any block/reject rules, enable logging on those too so you can see that also.

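As an added example (not part of the thread above), the following script shows how to answer the original question from the firewall log rather than by eye: it parses pfSense filterlog lines, keeps only blocked/rejected flows on the receiving interface, and tallies them by destination and port so an undocumented application's ports stand out. It assumes the CSV layout that filterlog writes in pfSense 2.2 and later (rule, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, then the IPv4 or IPv6 header fields, then protocol fields); that layout, the interface names and the log lines themselves are constructed for this example.

```python
import csv
from collections import Counter

# Constructed sample log lines in the assumed pfSense filterlog CSV layout.
# On a real box you would read them from the filter log (for example with
# "clog /var/log/filter.log" on older releases) and pipe them into this script.
SAMPLE_LOG = """\
Aug 20 10:01:02 pfSense filterlog: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,1001,0,DF,6,tcp,60,192.168.10.50,203.0.113.10,52344,8443,0,S,1:1,,65535,,mss
Aug 20 10:01:03 pfSense filterlog: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,1002,0,DF,6,tcp,60,192.168.10.50,203.0.113.10,52345,8443,0,S,1:1,,65535,,mss
Aug 20 10:01:04 pfSense filterlog: 4,,,1000000103,igb1,match,block,in,4,0x0,,64,1003,0,none,17,udp,76,192.168.10.51,198.51.100.5,43210,5938,56
Aug 20 10:01:05 pfSense filterlog: 3,,,1000000102,igb1,match,pass,in,4,0x0,,64,1004,0,DF,6,tcp,60,192.168.10.50,203.0.113.20,52346,443,0,S,1:1,,65535,,mss
Aug 20 10:01:06 pfSense filterlog: 9,,,1000000201,igb0,match,block,in,4,0x0,,52,1005,0,none,6,tcp,40,198.51.100.77,203.0.113.1,44444,22,0,S,1:1,,1024,,
Aug 20 10:01:07 pfSense filterlog: 4,,,1000000103,igb1,match,block,in,6,0x00,0x00000,64,tcp,6,40,2001:db8:10::50,2001:db8:ffff::1,52347,8443,0,S,1:1,,65535,,mss
"""


def parse_filterlog(text):
    """Turn filterlog lines into dicts with the fields needed for triage.

    Field positions are the assumed filterlog layout: the first nine fields
    are common to all records, the header fields after them depend on the IP
    version, and TCP/UDP records then carry source port and destination port.
    """
    records = []
    for line in text.splitlines():
        _, sep, body = line.partition("filterlog: ")
        if not sep:
            continue  # not a filter log line (e.g. other syslog noise)
        f = next(csv.reader([body]))
        rec = {
            "rule": f[0], "tracker": f[3], "iface": f[4],
            "action": f[6], "direction": f[7], "ipver": f[8],
        }
        if rec["ipver"] == "4":
            # tos, ecn, ttl, id, offset, flags, proto-id, proto, length, src, dst
            proto, src, dst, rest = f[16], f[18], f[19], f[20:]
        elif rec["ipver"] == "6":
            # class, flow-label, hop-limit, proto, proto-id, length, src, dst
            proto, src, dst, rest = f[12], f[15], f[16], f[17:]
        else:
            continue
        rec.update(proto=proto, src=src, dst=dst, sport=None, dport=None)
        if proto in ("tcp", "udp") and len(rest) >= 2:
            rec["sport"], rec["dport"] = rest[0], rest[1]
        records.append(rec)
    return records


def blocked_destinations(records, iface=None):
    """Count blocked flows by (interface, proto, destination, port).

    Only direction "in" is considered: rules match where traffic enters the
    firewall, so outbound LAN/OPT traffic shows up as "in" on that interface.
    """
    counts = Counter()
    for r in records:
        if r["action"] not in ("block", "reject"):
            continue
        if r["direction"] != "in":
            continue
        if iface and r["iface"] != iface:
            continue
        counts[(r["iface"], r["proto"], r["dst"], r["dport"])] += 1
    return counts


def top_blocked(text, iface=None):
    """Most-hit blocked destinations first, as (count, iface, proto, dst, port)."""
    counts = blocked_destinations(parse_filterlog(text), iface)
    return [(n,) + key for key, n in counts.most_common()]


if __name__ == "__main__":
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for count, iface, proto, dst, dport in top_blocked(data):
        print(f"{count:5d}  {iface:6s} {proto:4s} {dst}:{dport}")
```

Run it against a log dump (or with no input to use the constructed sample) and the top lines are the destination/port pairs the undocumented application keeps trying; the tracker ID column in the parsed records tells you which block rule caught them, which is only useful if that rule has logging enabled as the answer above says.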


  • So basically what you are saying is: ignore the outbound tab (keep automatic) and do the trick all from inside the OPT(s).

    At the moment I have, in this order:

    1 accept wanted traffic to other OPT-interfaces
    2 block the rest (*) to those OPT-interfaces

    3 accept wanted traffic to * (like http, https & ssh)
    4 block the rest (*) to * and LOG this

    Thanks



  • @godfather007:

    So basically what you are saying is: ignore the outbound tab (keep automatic) and do the trick all from inside the OPT(s).

    At the moment I have, in this order:

    1 accept wanted traffic to other OPT-interfaces
    2 block the rest (*) to those OPT-interfaces

    3 accept wanted traffic to * (like http, https & ssh)
    4 block the rest (*) to * and LOG this

    Thanks

    Floating rules, or on which interfaces? Remember, rules are only applied on the receiving interface; they are not applied to data leaving an interface.



  • NAT has nothing to do with whether traffic is passed or blocked. Either put the rules on your OPT interfaces, or use floating rules, or use interface groups. Details in the 2.1x book available for gold subscribers @ portal.pfsense.org.

