Netgate Discussion Forum

Pfsense firewall configuration file

6 Posts 3 Posters 7.5k Views
  • P
    ppuser
    last edited by Jun 20, 2008, 9:05 AM

    Good day.
    I'm new to using pfSense.

    There's a task to configure my gateway with pfSense to pass traffic to the internet from inside using only specific ports: 80, 81, 21, and others. Squid is configured as a transparent proxy, listening on port 3128.
    In general, I want to block any outbound traffic except that using specific ports.

    I tried to look for rules in the /etc/pf.conf file, but all strings in that file are marked as comments.

    Help please (;
    Which file contains the firewall rules to configure? Or how can I do the same task through the pfSense web console?

    • C
      Cry Havok
      last edited by Jun 20, 2008, 6:24 PM

      Rules for the LAN interface can be found in the LAN section of the Firewall menu on the GUI - it's all pretty obvious if you look ;)

      • P
        ppuser
        last edited by Jun 23, 2008, 8:24 AM

        I created a rule for LAN interface:

        but this one isn't working… from inside hosts I can browse the internet using the HTTP protocol

        • J
          JeGr LAYER 8 Moderator
          last edited by Jun 23, 2008, 8:41 AM

          Do you use Multi-WAN or something alike? If not, your gateway setting may be wrong. You only need to set a specific gateway when using policy-based routing. In any other case your rule should read a * in the gateway cell.

          Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

          If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

          • P
            ppuser
            last edited by Jun 23, 2008, 9:11 AM

            I use 1 WAN & 1 LAN interface - as a usual gateway.
            I have set * in the gateway field. But all users still have access to web pages.

            What's with "Disable webGUI anti-lockout rule"? Should I enable this option, or is there no need?

            • J
              JeGr LAYER 8 Moderator
              last edited by Jun 23, 2008, 2:09 PM

              You can try first with some port other than 80 (e.g. 443 or 25) and test if that rule works. It should work with the given settings and * as gateway though. Before you check the "disable anti-lockout rule" box, make sure you have a rule in place to access the webgui from a specific IP or the complete net (destination: LAN address) or you will lock yourself out of the webgui completely.

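An added example, not part of the original thread and not pfSense's own code: a simplified Python model of top-down, first-match rule evaluation on the LAN tab, used to test an egress allowlist for the ports named in the first post and to confirm the webGUI stays reachable before the anti-lockout rule is disabled. The subnet, addresses, webGUI port 443 and both rule lists are constructed assumptions; NAT redirects and floating rules are not modelled.

```python
# Added example: simplified model of first-match evaluation on a pfSense LAN tab.
# All addresses, ports and rule contents below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")   # constructed LAN subnet
LAN_ADDR = ip_address("192.168.1.1")     # constructed firewall LAN address
GUI_PORT = 443                           # assumed webGUI port


@dataclass(frozen=True)
class Rule:
    action: str        # "pass" or "block"
    src: str           # CIDR or "any"
    dst: str           # CIDR, "any" or "lanaddr" (the firewall's LAN address)
    ports: frozenset   # destination ports; an empty set means any port


def _addr_match(spec, addr):
    if spec == "any":
        return True
    if spec == "lanaddr":
        return addr == LAN_ADDR
    return addr in ip_network(spec)


def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule; default deny if none match."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if _addr_match(r.src, s) and _addr_match(r.dst, d) and (not r.ports or port in r.ports):
            return r.action
    return "block"


def gui_reachable(rules, admin_ip):
    """Check to run before disabling the anti-lockout rule."""
    return evaluate(rules, admin_ip, str(LAN_ADDR), GUI_PORT) == "pass"


# Egress allowlist from the thread: only ports 80, 81 and 21 may leave the LAN.
EGRESS_ONLY = [Rule("pass", str(LAN_NET), "any", frozenset({80, 81, 21}))]
# Same list with an explicit webGUI rule for one admin host placed first.
WITH_GUI_RULE = [Rule("pass", "192.168.1.10/32", "lanaddr", frozenset({GUI_PORT}))] + EGRESS_ONLY
```

With only the allowlist in place, `gui_reachable` returns `False`, which is the lock-out case the last reply describes.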
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.