Blocks any traffic in the FORWARD chain
-
Hi every body
I want to blocks any traffic from the forward chain
like this 'iptables -P FORWARD DROP'but I don't how to do this in pfsense
thanks
-
By default PFS drops all traffic from the WAN side and allows all traffic from the LAN side. You don't say from where or how you want to drop packets, so I assume this is how you need it to be. Otherwise, you can remove the Default LAN -> any rule and put your own custom rules in place if that's what you mean.
-
thanks dear
it's mean traffic that comes from my (V)LANs and is not destined for the router (pfsense) itself will NOT be forwarded
- traffic that comes from outside networks and is destined for machines on your (V)LANs will NOT be forwarded (even when NATting)
- to 'get through' the router now, users have to enable the proxy settings in their OS / browsers (default port 3128)
-
There are no concepts of chains in pf. Just configure your firewall rules accordingly to allow traffic to the proxy and block everything else.
-
thanks
how can I do this to allow traffic to the proxy and block everything else.
can you please give me a tutorial
-
Just add a rule above your Allow All rule on your LAN and VLANs that blocks access to ports 80/443. You can either use two rules (one for each port), or create a port alias for 80 & 443 then create one rule that blocks access to that alias as the destination port.
-
thanks dear
Can you send me a screenshot or a complete tutorial because I am not familiar very well with pfsese
thanks
-
SMH dear
-
'iptables -P FORWARD DROP'
I want to disable FORWARD Chain in Pfsense
thanks
-
Here you go, darling:
https://doc.pfsense.org/index.php/Example_basic_configuration
-
Everyone: The use of terms of endearment are common with speakers from the Middle East. While they may appears out of place to us in a technical discussion, please don't mock them for it.
N.Vakili: See the diagram where I have created an alias called Web_Ports that holds 80 & 443. The rule is placed above the Default allow LAN to any rule. The effect of this rule is to block all access to the standard web ports.
-
@KOM:
Everyone: The use of terms of endearment are common with speakers from the Middle East. While they may appears out of place to us in a technical discussion, please don't mock them for it.
Noted. Though in truth I thought this was more a Google-translate error and was really gently mocking what I thought was a technical mishap on their part.
