Netgate Discussion Forum
Do my rules appear to be sane?

Firewalling
Trel:

I should add that I have a floating block + don't log for IPv6 which is why my final allow any is only IPv4.

cmb:

Your very first rule matches everything so nothing beneath that does anything at all.

Trel:

@cmb:

Your very first rule matches everything so nothing beneath that does anything at all.

When I edit that rule, it says Destination: OPT7.
It looks like it didn't remove that rule when I removed the interface.

It wasn't a wildcard. The blocks still worked, so it looks like it was just UI.
Other than that, are they sane?

cmb:

Ah, yeah in that case it wouldn't have been in the ruleset at all.

Other than that, seems sane.

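The two points cmb makes in this exchange (a rule that matches everything shadows every rule below it, and a rule bound to an interface that no longer exists never makes it into the loaded ruleset) are easy to check mechanically. The following is an added example, not code from this thread or from pfSense: a toy first-match evaluator for a pfSense-style LAN ruleset with a shadowed-rule check. Interface names, addresses and rules are constructed; the example assumes a destination given as an interface name means that interface's network, and that interface rules are evaluated first match wins, as pfSense's `quick` rules are.

```python
"""Added example, not code from the thread or from pfSense: a toy first-match
evaluator for a pfSense-style LAN ruleset. It illustrates that a rule matching
everything shadows every rule below it, and that a rule whose destination names
an interface that no longer exists (here OPT7, modelled as that interface's
network) is not part of the loaded ruleset at all.
Interface names, addresses and rules are constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    proto: str            # "any", "tcp" or "udp"
    src: str              # CIDR or "any"
    dst: str              # CIDR, "any", or an interface name such as "OPT7"
    dport: str            # port number as a string, or "any"
    family: str = "inet"  # "inet" (IPv4), "inet6" or "any"


def _is_cidr(value):
    try:
        ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def load_ruleset(rules, interfaces):
    """Resolve interface names to their networks; a rule that references an
    interface missing from `interfaces` is dropped, never loaded."""
    loaded = []
    for r in rules:
        if r.dst != "any" and not _is_cidr(r.dst):
            net = interfaces.get(r.dst)
            if net is None:
                continue  # stale rule: the interface was removed
            r = Rule(r.action, r.proto, r.src, net, r.dport, r.family)
        loaded.append(r)
    return loaded


def matches(rule, pkt):
    """pkt is a dict with proto, src, dst and dport (an int)."""
    src, dst = ip_address(pkt["src"]), ip_address(pkt["dst"])
    if rule.family != "any" and src.version != (4 if rule.family == "inet" else 6):
        return False
    if rule.proto != "any" and rule.proto != pkt["proto"]:
        return False
    if rule.src != "any" and src not in ip_network(rule.src, strict=False):
        return False
    if rule.dst != "any" and dst not in ip_network(rule.dst, strict=False):
        return False
    if rule.dport != "any" and int(rule.dport) != pkt["dport"]:
        return False
    return True


def evaluate(ruleset, pkt, default="block"):
    """First match wins. Returns (action, index of the matching rule or None)."""
    for i, r in enumerate(ruleset):
        if matches(r, pkt):
            return r.action, i
    return default, None


def _covers(broad, narrow):
    """True if field value `broad` matches everything `narrow` matches."""
    if broad == "any":
        return True
    if narrow == "any":
        return False
    if _is_cidr(broad) and _is_cidr(narrow):
        b, n = ip_network(broad, strict=False), ip_network(narrow, strict=False)
        return b.version == n.version and n.subnet_of(b)
    return broad == narrow


def shadowed(ruleset):
    """Return (rule index, index of the earlier rule that fully covers it) for
    every rule that can never match because an earlier rule always fires first."""
    fields = ("family", "proto", "src", "dst", "dport")
    found = []
    for j, later in enumerate(ruleset):
        for i in range(j):
            earlier = ruleset[i]
            if all(_covers(getattr(earlier, f), getattr(later, f)) for f in fields):
                found.append((j, i))
                break
    return found


# Constructed sample: OPT7 has been removed, so only LAN remains configured.
INTERFACES = {"LAN": "192.168.1.0/24"}
RULES = [
    Rule("pass", "any", "192.168.1.0/24", "OPT7", "any"),            # stale, still shown in the GUI
    Rule("block", "tcp", "192.168.1.0/24", "192.168.1.1/32", "443"),  # keep LAN off the firewall's 443
    Rule("block", "any", "any", "any", "any", family="inet6"),        # floating IPv6 block
    Rule("pass", "any", "192.168.1.0/24", "any", "any"),              # final IPv4 allow any
]

if __name__ == "__main__":
    loaded = load_ruleset(RULES, INTERFACES)
    print(len(loaded), "rules loaded; shadowed:", shadowed(loaded))
    # What it would look like if that first rule really were a match-everything pass:
    broken = [Rule("pass", "any", "any", "any", "any", family="any")] + loaded
    print("shadowed with a leading allow-all:", shadowed(broken))
```

With the stale OPT7 rule dropped, the 443 block still fires for LAN hosts and nothing is shadowed; prepend a genuine allow-all and `shadowed()` reports every other rule as dead, which is the situation cmb described. The checker only recognises full coverage by a single earlier rule, not overlap spread across several rules.
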
Trel:

@cmb:

Ah, yeah in that case it wouldn't have been in the ruleset at all.

Other than that, seems sane.

Ok, cool, thanks.
I have a few oddities in NAT (such as having the firewall listen for HTTPS on a nonstandard port, but an internal NAT rule for port 443).
I wanted to make sure I had the LAN side of the rules looking ok (as the NAT rules are working exactly how I wanted).

Trel:

I redid my LAN rules once I found out I could nest aliases, could I possibly ask for just a quick spot check again to rule out any brainfarts?
(blacked out port at the top is publicly accessible and non-standard (hurrah security through obscurity!))
© 2021 Rubicon Communications, LLC | Privacy Policy