4. Blocks any traffic in the FORWARD chain

Blocks any traffic in the FORWARD chain

  • N

    Hi every body

    I want to blocks any traffic from  the forward chain
    like this 'iptables -P FORWARD DROP'

    but I don't how to do this in pfsense
    thanks

    0
  • M

    By default PFS drops all traffic from the WAN side and allows all traffic from the LAN side. You don't say from where or how you want to drop packets, so I assume this is how you need it to be. Otherwise, you can remove the Default LAN -> any rule and put your own custom rules in place if that's what you mean.

    0
  • N

    thanks dear

    it's mean traffic that comes from my (V)LANs and is not destined for the router (pfsense) itself will NOT be forwarded

    • traffic that comes from outside networks and is destined for machines on your (V)LANs will NOT be forwarded (even when NATting)
    • to 'get through' the router now, users have to enable the proxy settings in their OS / browsers (default port 3128)
    0
  • C

    There are no concepts of chains in pf. Just configure your firewall rules accordingly to allow traffic to the proxy and block everything else.

    0
  • N

    thanks

    how can I do this to allow traffic to the proxy and block everything else.

    can you please give me a tutorial

    0

  • Just add a rule above your Allow All rule on your LAN and VLANs that blocks access to ports 80/443.  You can either use two rules (one for each port), or create a port alias for 80 & 443 then create one rule that blocks access to that alias as the destination port.

    0
  • N

    thanks dear

    Can you send me  a screenshot or a complete tutorial because I am not familiar very well with pfsese

    thanks

    0
  • LAYER 8 Netgate

    SMH dear

    0
  • N

    'iptables -P FORWARD DROP'

    I want to disable FORWARD Chain in Pfsense

    thanks

    0
  • M

    Here you go, darling:
    https://doc.pfsense.org/index.php/Example_basic_configuration

    0

  • Everyone: The use of terms of endearment are common with speakers from the Middle East.  While they may appears out of place to us in a technical discussion, please don't mock them for it.

    N.Vakili: See the diagram where I have created an alias called Web_Ports that holds 80 & 443.  The rule is placed above the Default allow LAN to any rule.  The effect of this rule is to block all access to the standard web ports.


    0
  • M

    @KOM:

    Everyone: The use of terms of endearment are common with speakers from the Middle East.  While they may appears out of place to us in a technical discussion, please don't mock them for it.

    Noted. Though in truth I thought this was more a Google-translate error and was really gently mocking what I thought was a technical mishap on their part.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy