Firewall Rules
-
150$ for someone to rebuilding the Firewall rules in to.
Policies to group rules together.
Policies are
chains listing jumps to chains, which may be dedicated to single rules.
They process a clustering of links to chains/rules in a
certain order. This design removes the need to duplicate rules which are
needed in several chains, and allows different combinations of rules to be
applied for different purposes. Policies are used throughout the
firewall.
Policies can be static or dynamic. Static policies are enabled when the firewall starts up, and are therefore operational by default.Dynamic policies allow computer- user- or group-specific policies to be
applied, and are activated during runtime. -
This is not linux and fix that in your mind.
Albeit it is way more powerfull!
Your rules apply all over the firewall and schedules apply whenever you need them.Learn how to use your firewall and not try to do strange things with it.
BTW this is BSD world and this is called linuxism in here.
-
Is it not possible to make the firewall rules easier to use?
Example: First give al the computers on the network a name and IP adres and add firewall rules.
See screenshot
-
Heh, i see what you want now.
For everybody interested in this bounty it is just a metter of exposing pf anchors to the gui.
From those pictures it looks easier to me to read the pfSense rules tabs than those. But maybe it is just a personal preference.
-
It is not easier to read the pfsense rules such as you
say. ???Here it is possible to have an complete overview of the computers, the ip address
and the outbound and inbound rules.If you click on a computer name then can you very rapidly add rules or
remove them.Please look add the screenshots.
-
It is definitely interesting but I don't see it as being very useful for most enviroments since the average company may have a SQL server, Mail Server, HTTP Server, AND FTP. The rest generally do not have any inbound ports open to workstations. The only thing I really like about it is for blocking outbound traffic. I could block all ports except HTTP and HTTPS to the outside for all users. Or I could also create a VIP group who could have outbound SMTP.
-
I could see it being useful if they were aliases for certain ports so for instances … You have a bunch of rules the reference "CustomPort1" and you originally setup "CustomPort1" to be UDP 1234 and you want to change this later to 4321 you can change the alias and then it would update the rules.
-
The functionality already provided with aliases, allowing you to group hosts, networks, or ports and use those in firewall rules seems to be a suitable solution for this. What you describe would be a mess, I don't see where it would have any benefit, just add significant complexity.
Maybe a solution would be to have filtered display for firewall rules, allowing you to display all rules matching X. Maybe it's src or dst of a specific alias or IP, or a specific protocol, etc.
-
In my example you can make so many rules (= templates) as you want but they become just active if you put them in a dynamic (active on pc level.) or static policie (be always active similar with pfsense now). It is more synoptically and faster than aliases .You can prohibit all outgoing movement except mail, explorer… on a complete network, PC based (dynamical policie) or network based (Static policie). It is also posible to combine different rules together and put them in a policie for use PC based or network based.
-
Nobody interested in this bounty?
I have a live demo of the other firewall then you can see whith your own eyes what i mean.
first make a vpn connection to veugelen.dynalias.com
login : axsguard
password : axsguarddemo
then go to
https:192.168.0.99:82
login : axsguard
password : axsguarddemo