Why is block private networks enabled by default on WAN?
-
Why is Block private networks enabled by default on WAN?
If it's a WAN port with a public IP, traffic from private networks shouldn't be forwarded to it.
If the WAN is on a private network, it does nothing but cause problems.
If a WAN port has a private IP address, block traffic from private addresses but if a WAN port has a public IP address, allow traffic from public IP addresses? I don't get it. WAN is WAN.
-
If it's a WAN port with a public IP, traffic from private networks shouldn't be forwarded to it.
Tell that to my ISP…
-
Yeah - If ISPs were sane at all it would fix many problems.
-
But what's the difference? Unsolicited traffic is unsolicited traffic. The default deny any any rule blocks it whether it's public or RFC1918.
-
some cable providers/modems send out private ip's by dhcp when the coax-line goes down …
so then pfsense would get a private ip and might think it's gateway is online when it isnt