Re: [pfSense] Default pass rules in pfSense
Hi, On Wed, 15 Nov 2017 12:44:51 -0300 Roberto Carnawrote: > Oliver, I ask about the opposite that you explain to me: > > Everthing going out from WAN to Internet is allowed ??? > > In accordance with my tests, yes...and if I add an explicit rule it > doesn't block a given outgoing traffic. > > In the affirmative case, how can I disable the default OUTGOING pass > rules in WAN interface ??? Rules on interfaces are filtering inbound traffic, see: https://doc.pfsense.org/index.php/Firewall_Rule_Basics Normally thats enough. If you like to deny certain/all outbound traffic you simply add those rules to the LAN interface. If that is not enough, then you need to use floating rules. Those allow you to specify the direction (inbound vs outbound). https://doc.pfsense.org/index.php/What_are_Floating_Rules Cheers, Lo ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Default pass rules in pfSense
Oliver, I ask about the opposite that you explain to me: Everthing going out from WAN to Internet is allowed ??? In accordance with my tests, yes...and if I add an explicit rule it doesn't block a given outgoing traffic. In the affirmative case, how can I disable the default OUTGOING pass rules in WAN interface ??? Thanks a lot again !!! 2017-11-15 12:29 GMT-03:00 Oliver Hansen: > By default, everything coming IN on the WAN is blocked but everything > coming IN on the LAN from the LAN network is allowed. You can easily remove > this rule on the LAN interface if you want. > > On Nov 15, 2017 7:20 AM, "Roberto Carna" wrote: > > People, I'm new at pfSense and I'm seeing that there are implicit > default pass rules. > > For example, without editing a new user rule in the firewall, I can > send mails from my WAN interface to Internet. I was wrong because I > thought the default behaviour was to deny all the traffic unless I > permit what I want. > > Is it possible to turn the default pass rules off in order to control > all the traffic manually by the user rules ??? > > THanks a lot. > > ROBERT > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Default pass rules in pfSense
By default, everything coming IN on the WAN is blocked but everything coming IN on the LAN from the LAN network is allowed. You can easily remove this rule on the LAN interface if you want. On Nov 15, 2017 7:20 AM, "Roberto Carna"wrote: People, I'm new at pfSense and I'm seeing that there are implicit default pass rules. For example, without editing a new user rule in the firewall, I can send mails from my WAN interface to Internet. I was wrong because I thought the default behaviour was to deny all the traffic unless I permit what I want. Is it possible to turn the default pass rules off in order to control all the traffic manually by the user rules ??? THanks a lot. ROBERT ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Default pass rules in pfSense
People, I'm new at pfSense and I'm seeing that there are implicit default pass rules. For example, without editing a new user rule in the firewall, I can send mails from my WAN interface to Internet. I was wrong because I thought the default behaviour was to deny all the traffic unless I permit what I want. Is it possible to turn the default pass rules off in order to control all the traffic manually by the user rules ??? THanks a lot. ROBERT ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold