Netgate Discussion Forum
    Firewall Rules

    Expired/Withdrawn Bounties
Veugelen

$150 for someone to rebuild the firewall rules into:

Policies to group rules together. Policies are chains listing jumps to chains, which may be dedicated to single rules. They process a clustering of links to chains/rules in a certain order. This design removes the need to duplicate rules which are needed in several chains, and allows different combinations of rules to be applied for different purposes. Policies are used throughout the firewall.

Policies can be static or dynamic. Static policies are enabled when the firewall starts up, and are therefore operational by default.

Dynamic policies allow computer-, user- or group-specific policies to be applied, and are activated during runtime.

eri--

This is not Linux, and fix that in your mind.

Albeit it is way more powerful!
Your rules apply all over the firewall and schedules apply whenever you need them.

Learn how to use your firewall and do not try to do strange things with it.

BTW, this is the BSD world and this is called a linuxism in here.

Veugelen

Is it not possible to make the firewall rules easier to use?
Example: First give all the computers on the network a name and IP address and add firewall rules.
See screenshot.
eri--

Heh, I see what you want now.

For everybody interested in this bounty: it is just a matter of exposing pf anchors to the GUI.

From those pictures it looks easier to me to read the pfSense rules tabs than those. But maybe it is just a personal preference.

Veugelen

It is not easier to read the pfSense rules, such as you say. ???

Here it is possible to have a complete overview of the computers, the IP addresses and the outbound and inbound rules.

If you click on a computer name then you can very rapidly add rules or remove them.

Please look at the screenshots.
kapara

It is definitely interesting, but I don't see it as being very useful for most environments, since the average company may have a SQL server, mail server, HTTP server, and FTP. The rest generally do not have any inbound ports open to workstations. The only thing I really like about it is for blocking outbound traffic. I could block all ports except HTTP and HTTPS to the outside for all users. Or I could also create a VIP group who could have outbound SMTP.

                Skype ID:  Marinhd

b00gz

I could see it being useful if they were aliases for certain ports, so for instance… you have a bunch of rules that reference "CustomPort1", and you originally set up "CustomPort1" to be UDP 1234 and want to change this later to 4321: you can change the alias and then it would update the rules.

cmb

The functionality already provided with aliases, allowing you to group hosts, networks, or ports and use those in firewall rules, seems to be a suitable solution for this. What you describe would be a mess; I don't see where it would have any benefit, it would just add significant complexity.

                    Maybe a solution would be to have filtered display for firewall rules, allowing you to display all rules matching X. Maybe it's src or dst of a specific alias or IP, or a specific protocol, etc.

Veugelen

In my example you can make as many rules (= templates) as you want, but they only become active if you put them in a dynamic policy (active on PC level) or a static policy (always active, similar to pfSense now). It is more synoptic and faster than aliases. You can prohibit all outgoing movement except mail, explorer… on a complete network, PC based (dynamic policy) or network based (static policy). It is also possible to combine different rules together and put them in a policy for use PC based or network based.

                      ![firewall rule.jpg](/public/imported_attachments/1/firewall rule.jpg)

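As an added illustration (not code from this thread, and not the ruleset pfSense itself generates), here is a plain pf.conf fragment showing the pieces the replies above refer to: the aliases cmb describes, expressed as pf tables for hosts/networks and a macro for the port; the one-place port change b00gz wants; and the pf anchors eri-- mentions as the hook for rules loaded per host or user at runtime, which is roughly the static-versus-dynamic split Veugelen describes. The interface name, addresses and port numbers are constructed for the example.

```pf
# Added example, not part of the thread. Names, addresses and ports are constructed.

int_if = "em1"

# Port alias as a macro: every rule references $custom_port1, so changing
# UDP 1234 to 4321 later is a one-line edit here and every rule picks it up
# on the next ruleset load.
custom_port1 = "1234"

# Host/network aliases as tables. Table members can also be changed at
# runtime (pfctl -t workstations -T add 192.168.0.50) without reloading rules.
table <workstations> { 192.168.0.0/24 }
table <vip_users>    { 192.168.0.10, 192.168.0.11 }
table <servers>      { 192.168.1.5, 192.168.1.6 }

# Default deny; log what is not explicitly allowed so the blocks are visible.
block log all

# "Static policy" equivalent: ordinary rules, loaded with the ruleset and
# therefore active from boot.
pass in on $int_if proto { tcp udp } from <workstations> to <servers> port $custom_port1
pass in on $int_if proto tcp from <workstations> to any port { 80 443 }
pass in on $int_if proto tcp from <vip_users> to any port 25

# "Dynamic policy" equivalent: a named anchor evaluated at this point.
# Per-host or per-user rules are loaded into it at runtime, e.g.
#   pfctl -a dynamic/host-pc7 -f /etc/pf/host-pc7.rules
# and removed with pfctl -a dynamic/host-pc7 -F rules, leaving the static
# rules above untouched.
anchor "dynamic/*" in on $int_if
```

Check the file with pfctl -nf before loading it. The per-user variant already exists in pf as authpf: when a user authenticates over SSH, authpf loads that user's rules into an anchor and flushes them on logout, which is the "activated during runtime" behaviour from the opening post without any new rule format.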
Veugelen

Nobody interested in this bounty?

I have a live demo of the other firewall, then you can see with your own eyes what I mean.

First make a VPN connection to veugelen.dynalias.com

login: axsguard
password: axsguarddemo

then go to https://192.168.0.99:82

login: axsguard
password: axsguarddemo