Rule Set



  • Hi all,

    In the WAN, I have three rule sets.

    1. accept, udp, any, any
    2. accept, tcp, any, any
    3. accept, tcp/udp, any, any

    Is there any good way to tell which rule set is hit by my packet (for example, like iptables -Lv)? I tried the command "pfctl -vvsv", but it is not easy to read.

    Please advise.

    Thanks,
    Tom



  • @tomli:

    In the WAN, I have three rule sets.

    1. accept, udp, any, any
    2. accept, tcp, any, any
    3. accept, tcp/udp, any, any

    First of all: why? What are you trying to do?
    This is so new that even 'experts' won't be able to advise you …

    Normally™ you can have some rules on the WAN interface that work together with some NAT rules so some devices on your LAN are accessible from the outside (the Internet).

    Btw: you found out that FreeBSD isn't 'linux' ;) ('iptables').



  • You realize that rules on WAN only affect unsolicited traffic coming into your WAN from the Internet? Generally you do NOT put rules on WAN except to allow port forwards (for example), like Gertjan said.

    What is it that you're really trying to do?



  • Hi,

    Indeed, my firewall has a lot of rule sets which were configured by former colleagues. Now I need to remove some rule sets which have not been used for a long time (or duplicated rule sets).

    Thanks.
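    One way to answer the question in the first post (which rule a packet hits) and the goal in this one (finding unused or duplicated rules) is to read the per-rule counters that pf keeps. `pfctl -vsr` lists the loaded rules followed by their Evaluations/Packets/Bytes/States counters, and `pfctl -vvsr` additionally prefixes each rule with its number (`@0`, `@1`, …). The script below is an added example, not code from this thread or from pfSense; it parses such a listing and flags rules with zero hits and rules that are textual duplicates of each other. The sample listing is constructed, and the `@n` numbers, the counter values and the pfSense-style `USER_RULE:` labels are assumptions about what a real listing contains.

```python
"""Summarise pf rule hit counters from `pfctl -vvsr` output (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of `pfctl -vvsr` output; rule numbers, counters and the
# pfSense-style labels are assumed, not taken from any real firewall.
SAMPLE = """\
@0 pass in quick on em0 inet proto udp from any to any keep state label "USER_RULE: wan udp any"
  [ Evaluations: 4210      Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 58131 State Creations: 0     ]
@1 pass in quick on em0 inet proto tcp from any to any flags S/SA keep state label "USER_RULE: wan tcp any"
  [ Evaluations: 4210      Packets: 7331      Bytes: 1048576     States: 12    ]
  [ Inserted: uid 0 pid 58131 State Creations: 40    ]
@2 pass in quick on em0 inet proto tcp from any to any flags S/SA keep state label "USER_RULE: wan tcp any (old)"
  [ Evaluations: 1         Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 58131 State Creations: 0     ]
"""

# A rule line optionally starts with "@n " and then the action keyword.
RULE_RE = re.compile(r"^(?:@(?P<num>\d+)\s+)?(?P<rule>(?:pass|block|match|anchor)\b.*)$")
# The counter line that follows each rule when -v is given.
COUNTER_RE = re.compile(
    r"^\s*\[\s*Evaluations:\s*(\d+)\s+Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s+States:\s*(\d+)\s*\]"
)
LABEL_RE = re.compile(r'\s*label\s+"([^"]*)"')


@dataclass
class RuleStats:
    number: Optional[int]      # the @n index, if the listing had one
    rule: str                  # rule text as printed, without the @n prefix
    label: Optional[str]
    evaluations: int = 0
    packets: int = 0
    bytes: int = 0
    states: int = 0

    def key(self) -> str:
        """Rule text with the label stripped and whitespace normalised, so two
        rules that differ only in their label compare equal."""
        return " ".join(LABEL_RE.sub("", self.rule).split())


def parse_pfctl_rules(text: str) -> List[RuleStats]:
    """Parse `pfctl -vsr` / `pfctl -vvsr` output into RuleStats records."""
    rules: List[RuleStats] = []
    current: Optional[RuleStats] = None
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            lab = LABEL_RE.search(m.group("rule"))
            current = RuleStats(
                number=int(m.group("num")) if m.group("num") else None,
                rule=m.group("rule"),
                label=lab.group(1) if lab else None,
            )
            rules.append(current)
            continue
        m = COUNTER_RE.match(line)
        if m and current is not None:
            current.evaluations, current.packets, current.bytes, current.states = (
                int(x) for x in m.groups()
            )
    return rules


def unused_rules(rules: List[RuleStats]) -> List[RuleStats]:
    """Rules that matched no packet and hold no state since the last ruleset
    load. Counters reset on every reload, so this is a candidate list to
    re-check over time, not proof that a rule is dead."""
    return [r for r in rules if r.packets == 0 and r.states == 0]


def duplicate_rules(rules: List[RuleStats]) -> List[List[RuleStats]]:
    """Groups of rules whose text is identical apart from the label."""
    groups: Dict[str, List[RuleStats]] = {}
    for r in rules:
        groups.setdefault(r.key(), []).append(r)
    return [g for g in groups.values() if len(g) > 1]


def report(rules: List[RuleStats]) -> str:
    """Compact per-rule hit table, in the spirit of `iptables -Lv`."""
    lines = [f"{'rule':>5} {'packets':>9} {'states':>6}  label/rule"]
    for r in rules:
        num = "-" if r.number is None else f"@{r.number}"
        lines.append(f"{num:>5} {r.packets:>9} {r.states:>6}  {r.label or r.key()}")
    return "\n".join(lines)


if __name__ == "__main__":
    # On the firewall itself you would feed in the live listing instead, e.g.
    # subprocess.run(["pfctl", "-vvsr"], capture_output=True, text=True).stdout
    parsed = parse_pfctl_rules(SAMPLE)
    print(report(parsed))
    print("no hits since load:", [f"@{r.number}" for r in unused_rules(parsed)])
    for group in duplicate_rules(parsed):
        print("duplicates:", [f"@{r.number}" for r in group])
```

    Two caveats for using this to prune a ruleset: the counters start from zero every time the ruleset is reloaded, so sample the listing repeatedly over a representative period before calling a rule unused; and for a single packet, adding the `log` keyword to the rule and watching `pflog0` with tcpdump shows the matched rule number directly, which is the per-packet answer the counters alone cannot give.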



  • At some point someone will say "please post screen shots of WAN, LAN, Floating, NAT rules. What packages are installed"



  • I'd be happy if he would just answer the simple questions he's being asked, such as: What is it that you're really trying to do?

