A bit confused regarding the firewall and interfaces
-
Hey all!
My setup isn't complicated but there is something in pfsense that's not quite making sense to me.
I basically have this network configuration
WAN -> Mikrotik Router -> pfsense VM -> client network
In pfsense I've set up a vlan interface called "trusted_network" (vlan 120) and it works well. So then it's time to configure firewall rules.
Now I would like to block ICMP to the trusted_network interface so I start by creating a rule to block all traffic. However, I do want to be able to ping the WAN interface on the pfsense VM so I enable ICMP on that interface.
The result is that I can ping both the WAN and trusted_network interface, and herein lies my confusion.
I then tried to limit the rule allowing ICMP on the WAN interface by specifying the destination network having to be the WAN network. This works and I can no longer ping the trusted_network interface. However, if I then create a rule on the trusted_network interface to allow ICMP, it still doesn't work because it's being stopped in the WAN interface.
So I guess my question can be summed up as follows.
It makes sense that all traffic coming from the WAN will be evaluated against the WAN interface firewall rules. However, why won't they then be evaluated against the next interface the traffic is passed to?
Hope this makes sense.
Thanks!
UPDATE:
I found this topic and I believe that answers my question. Anything coming in from outside the pfsense WAN is checked against the WAN interface firewall rules and only that.
-
The firewall rules for an interface only control what that interface allows through it. Once the traffic is passed by a rule, it's allowed to go where it wants.
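Added example (not from the thread and not pfSense's own code): a small Python model of the rule evaluation the answer describes, replaying the three steps from the question. The WAN and VLAN 120 addresses are constructed for the example, and it assumes the interface-tab behaviour of pfSense (rules on the ingress interface only, first match wins, default deny).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    action: str          # "pass" or "block"
    proto: str = "any"   # "icmp", "tcp", "udp" or "any"
    dst: str = "any"     # destination in CIDR notation, or "any"

# Constructed sample addressing (not from the post): WAN side and the VLAN 120 side.
WAN_NET, WAN_IF_IP = "203.0.113.0/24", "203.0.113.10"
TRUSTED_NET, TRUSTED_IF_IP = "10.120.0.0/24", "10.120.0.1"

def matches(rule: Rule, proto: str, dst_ip: str) -> bool:
    if rule.proto not in ("any", proto):
        return False
    return rule.dst == "any" or ip_address(dst_ip) in ip_network(rule.dst)

def evaluate(rules_by_iface: dict, ingress_iface: str, proto: str, dst_ip: str) -> str:
    """Decide pass/block for a packet entering on ingress_iface.

    Only that interface's rule list is consulted, top to bottom, first match wins
    (interface-tab rules in pfSense are "quick"); no match means block, the
    default-deny behaviour. Rules on the interface the packet would leave through
    are never consulted, which is the behaviour the answer describes.
    """
    for rule in rules_by_iface.get(ingress_iface, []):
        if matches(rule, proto, dst_ip):
            return rule.action
    return "block"

def pings_from_wan(wan_rules: list, trusted_rules: list) -> dict:
    """Result of pinging each pfSense interface address from the WAN side."""
    rules = {"WAN": wan_rules, "trusted_network": trusted_rules}
    return {
        "ping_wan_ip": evaluate(rules, "WAN", "icmp", WAN_IF_IP),
        "ping_trusted_ip": evaluate(rules, "WAN", "icmp", TRUSTED_IF_IP),
    }

# Step 1 of the post: WAN passes all ICMP, so both firewall addresses answer.
STEP1 = pings_from_wan([Rule("pass", "icmp")], [Rule("block")])
# Step 2: WAN passes ICMP only when the destination is in the WAN network.
STEP2 = pings_from_wan([Rule("pass", "icmp", WAN_NET)], [Rule("block")])
# Step 3: a pass rule on trusted_network changes nothing for traffic entering on WAN.
STEP3 = pings_from_wan([Rule("pass", "icmp", WAN_NET)], [Rule("pass", "icmp")])

if __name__ == "__main__":
    for name, result in (("step1", STEP1), ("step2", STEP2), ("step3", STEP3)):
        print(name, result)
```

The model leaves out state tracking: in pfSense the reply to a passed packet is allowed by the state entry, not by a rule on the other interface, so the trusted_network rules only matter for traffic that enters on VLAN 120.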