pfSense firewall configuration file

  • Good day.
    I'm new in using pfSense.

    There's a task to configure my gateway with pfSense to pass traffic to the internet from inside only using specific ports: 80, 81, 21, and others. Squid is configured as a transparent proxy, listening on port 3128.
    In general, I want to block any outbound traffic except that using the specific ports.

    I tried to look for rules in the /etc/pf.conf file, but all lines in that file are marked as comments.

    Help please (;
    Which file contains the firewall rules to configure? Or how can I do the same task through the pfSense web console?

  • Rules for the LAN interface can be found in the LAN section of the Firewall menu on the GUI - it's all pretty obvious if you look ;)

  • I created a rule for the LAN interface:

    but this one isn't working… from inside hosts I can browse the internet using the HTTP protocol

  • Rebel Alliance Moderator

    Do you use Multi-WAN or something alike? If not, your gateway setting may be wrong. You only need to set a specific gateway when using policy-based routing. In any other case your rule should read a * in the gateway cell.

  • I use 1 WAN & 1 LAN interface - as usual gateway.
    I have set * in gateway field. But all users still have access to web-pages.

    What's with "Disable webGUI anti-lockout rule"? Should I enable this option or is there no need?

  • Rebel Alliance Moderator

    You can try first with some port other than 80 (e.g. 443 or 25) and test if that rule works. It should work with the given settings and * as gateway though. Before you check the "disable anti-lockout rule" box, make sure you have a rule in place to access the webGUI from a specific IP or the complete net (destination: LAN address) or you will lock yourself out of the webGUI completely.
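
An added example, not part of the thread and not pfSense code: a small model of a LAN rule list that checks both points from the last reply, that a non-allowed port such as 25 is blocked and that the webGUI stays reachable before the anti-lockout rule is disabled. It assumes top-down, first-match evaluation with an implicit default block; the addresses, the webGUI port 443 and all function names are constructed for illustration.

```python
# Simplified model (assumption): rules on the LAN tab are evaluated top-down,
# the first matching rule decides, and unmatched traffic is blocked.
from ipaddress import ip_address, ip_network

ANY = "*"

def _match_net(spec, addr):
    return spec == ANY or ip_address(addr) in ip_network(spec)

def _match_port(spec, port):
    return spec == ANY or port in spec

def evaluate(rules, src, dst, dport):
    """Return 'pass' or 'block' for a packet entering the LAN interface."""
    for r in rules:
        if (_match_net(r["src"], src) and _match_net(r["dst"], dst)
                and _match_port(r["dport"], dport)):
            return r["action"]
    return "block"  # implicit default

def lockout_risk(rules, admin_src, lan_addr, gui_port):
    """True if the webGUI would be unreachable once anti-lockout is disabled."""
    return evaluate(rules, admin_src, lan_addr, gui_port) != "pass"

# Constructed sample values (hypothetical network)
LAN_NET = "192.168.1.0/24"
LAN_ADDR = "192.168.1.1"
ADMIN = "192.168.1.10"
GUI_PORT = 443
ALLOWED = {21, 80, 81}  # ports named in the question

# Egress allow-list only: gateway is "*", so it is not modelled here.
egress_only = [
    {"action": "pass", "src": LAN_NET, "dst": ANY, "dport": ALLOWED},
]

# Same list with an explicit webGUI rule for one admin host placed first.
with_gui_rule = [
    {"action": "pass", "src": ADMIN + "/32", "dst": LAN_ADDR + "/32",
     "dport": {GUI_PORT}},
    {"action": "block", "src": LAN_NET, "dst": LAN_ADDR + "/32", "dport": ANY},
] + egress_only

if __name__ == "__main__":
    for name, rules in (("egress_only", egress_only), ("with_gui_rule", with_gui_rule)):
        print(name, "lockout risk:", lockout_risk(rules, ADMIN, LAN_ADDR, GUI_PORT))
```
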
