pfSense firewall configuration file
-
Good day.
I'm new to using pfSense. There's a task to configure my gateway with pfSense to pass traffic to the internet from inside only using specific ports: 80, 81, 21, and others. Squid is configured as a transparent proxy, listening on port 3128.
In general, I want to block any outbound traffic except that using specific ports. I tried to look for rules in the /etc/pf.conf file, but all lines in that file are marked as comments.
Help please (;
Which file contains the firewall rules to configure? Or how can I do the same task through the pfSense web console?
-
Rules for the LAN interface can be found in the LAN section of the Firewall menu on the GUI - it's all pretty obvious if you look ;)
-
I created a rule for the LAN interface:
but this one isn't working… from inside hosts I can browse the internet using the HTTP protocol
-
Do you use Multi-WAN or something alike? If not, your gateway setting may be wrong. You only need to set a specific gateway when using policy-based routing. In any other case your rule should read a * in the gateway cell.
-
I use 1 WAN & 1 LAN interface - as a usual gateway.
I have set * in the gateway field. But all users still have access to web pages. What's with "Disable webGUI anti-lockout rule"? Should I enable this option or is there no need?
-
You can try first with some port other than 80 (e.g. 443 or 25) and test if that rule works. It should work with the given settings and * as gateway though. Before you check the "disable anti-lockout rule" box, make sure you have a rule in place to access the webgui from a specific IP or the complete net (destination: LAN address) or you will lock yourself out of the webgui completely.