Re: [pfSense] Default pass rules in pfSense

2017-11-15 Thread Lorenz Schori 
Hi,

On Wed, 15 Nov 2017 12:44:51 -0300
Roberto Carna  wrote:

> Oliver, I ask about the opposite that you explain to me:
> 
> Everthing going out from WAN to Internet is allowed ???
> 
> In accordance with my tests, yes...and if I add an explicit rule it
> doesn't block a given outgoing traffic.
> 
> In the affirmative case, how can I disable the default OUTGOING pass
> rules in WAN interface ???

Rules on interfaces are filtering inbound traffic, see:
https://doc.pfsense.org/index.php/Firewall_Rule_Basics

Normally thats enough. If you like to deny certain/all outbound traffic
you simply add those rules to the LAN interface.

If that is not enough, then you need to use floating rules. Those allow
you to specify the direction (inbound vs outbound).
https://doc.pfsense.org/index.php/What_are_Floating_Rules

Cheers,
Lo
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Default pass rules in pfSense

2017-11-15 Thread Roberto Carna 
Oliver, I ask about the opposite that you explain to me:

Everthing going out from WAN to Internet is allowed ???

In accordance with my tests, yes...and if I add an explicit rule it
doesn't block a given outgoing traffic.

In the affirmative case, how can I disable the default OUTGOING pass
rules in WAN interface ???

Thanks a lot again !!!

2017-11-15 12:29 GMT-03:00 Oliver Hansen :
> By default, everything coming IN on the WAN is blocked but everything
> coming IN on the LAN from the LAN network is allowed. You can easily remove
> this rule on the LAN interface if you want.
>
> On Nov 15, 2017 7:20 AM, "Roberto Carna"  wrote:
>
> People, I'm new at pfSense and I'm seeing that there are implicit
> default pass rules.
>
> For example, without editing a new user rule in the firewall, I can
> send mails from my WAN interface to Internet. I was wrong because I
> thought the default behaviour was to deny all the traffic unless I
> permit what I want.
>
> Is it possible to turn the default pass rules off in order to control
> all the traffic manually by the user rules ???
>
> THanks a lot.
>
> ROBERT
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Default pass rules in pfSense

2017-11-15 Thread Oliver Hansen 
By default, everything coming IN on the WAN is blocked but everything
coming IN on the LAN from the LAN network is allowed. You can easily remove
this rule on the LAN interface if you want.

On Nov 15, 2017 7:20 AM, "Roberto Carna"  wrote:

People, I'm new at pfSense and I'm seeing that there are implicit
default pass rules.

For example, without editing a new user rule in the firewall, I can
send mails from my WAN interface to Internet. I was wrong because I
thought the default behaviour was to deny all the traffic unless I
permit what I want.

Is it possible to turn the default pass rules off in order to control
all the traffic manually by the user rules ???

THanks a lot.

ROBERT
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] Default pass rules in pfSense

2017-11-15 Thread Roberto Carna 
People, I'm new at pfSense and I'm seeing that there are implicit
default pass rules.

For example, without editing a new user rule in the firewall, I can
send mails from my WAN interface to Internet. I was wrong because I
thought the default behaviour was to deny all the traffic unless I
permit what I want.

Is it possible to turn the default pass rules off in order to control
all the traffic manually by the user rules ???

THanks a lot.

ROBERT
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold