Why is block private networks enabled by default on WAN?


  • LAYER 8 Netgate

    Why is Block private networks enabled by default on WAN?

    If it's a WAN port with a public IP, traffic from private networks shouldn't be forwarded to it.

    If the WAN is on a private network, it does nothing but cause problems.

    If a WAN port has a private IP address, block traffic from private addresses but if a WAN port has a public IP address, allow traffic from public IP addresses?  I don't get it.  WAN is WAN.


  • Banned

    @Derelict:

    If it's a WAN port with a public IP, traffic from private networks shouldn't be forwarded to it.

    Tell that to my ISP…



  • Yeah - If ISPs were sane at all it would fix many problems.


  • LAYER 8 Netgate

    But what's the difference?  Unsolicited traffic is unsolicited traffic.  The default deny any any rule blocks it whether it's public or RFC1918.



  • Some cable providers/modems send out private IPs by DHCP when the coax line goes down …
    so then pfSense would get a private IP and might think its gateway is online when it isn't.

