This video: https://youtu.be/lZjMxdBPH7M
YouTube: https://YouTube.GetMeTheGeek.com
Buy Me a Coffee: https://www.buymeacoffee.com/getmethegeek
Hire us for your project: https://getmethegeek.com
- pfSense rule sets
- How to write firewall rules
- Setup firewall rules
- Setup NAT rules
A firewall rule can do one of three things with traffic:
- Pass - allows the traffic through
- Reject - drops the traffic and sends a response to the sender
- Block - drops the traffic silently
When a packet arrives at an interface, it is checked against that interface's firewall rules in order. When a matching rule is found, its action is taken (Pass, Reject or Block).
If no rule matches the packet, the packet is blocked by default.
- When in doubt, use block
- Reject sends a response to the sender
- This could alert an attacker that there is a firewall or device at that IP address and prompt them to scan all the ports for a hole or vulnerability.
- When you use Block the sender or attacker never gets a response. They can't tell whether there is something at the IP address that isn't responding or nothing there at all. The IP is less attractive to the attacker.
- Rule of thumb: don't use Reject on a WAN interface
- Reject lets applications trying to connect fail faster. This can be good for applications on a LAN.
- Each interface has a separate rule set for incoming traffic
- Virtual interfaces such as VPN also have separate rule sets for incoming traffic
- Each Interface Group also has its own rule set
- Floating Rules
- NAT port-forwarding rules
- Installed services can automatically add rules
pfSense evaluates rules in the following order:
- NAT rules
- Service rules
- Floating rules
- Interface Group and VPN rules
- Interface rules
- Order matters
- Rules are checked one at a time, in order from first to last
- Rule checking stops after the first match
- The rule you want might not ever get checked!
- Order rules from most specific to most general
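As an added illustration (not code from the video and not pfSense's own code), the following Python model shows the first-match evaluation, the default block, and the Pass/Reject/Block behaviour described in the notes above. The rule sets, the 192.168.1.0/24, 198.51.100.0/24 and 203.0.113.0/24 addresses, and the `shadowed_rules` check are all constructed for the example; real pfSense rules carry more fields (interface, direction, state options) than this simplified model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "pass", "reject" or "block"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network in CIDR form, or "any"
    dst: str              # destination network in CIDR form, or "any"
    dport: Optional[int]  # destination port, None means any port
    description: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def _net_covers(rule_net: str, addr: str) -> bool:
    """True if the rule's network field ("any" or a CIDR) contains addr."""
    return rule_net == "any" or ip_address(addr) in ip_network(rule_net)


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only when every one of its fields matches the packet."""
    return (
        rule.proto in ("any", pkt.proto)
        and _net_covers(rule.src, pkt.src)
        and _net_covers(rule.dst, pkt.dst)
        and rule.dport in (None, pkt.dport)
    )


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First-match evaluation: walk the rule set top to bottom and stop at the
    first match. Returns (action, index of the matching rule). No match means
    the implicit default: block, reported with index None."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return "block", None


def sender_sees(action: str) -> str:
    """What the sender observes: pass completes the connection, reject returns
    an immediate error (TCP RST / ICMP unreachable), block drops silently so
    the sender only ever sees a timeout."""
    return {"pass": "connection", "reject": "immediate error", "block": "timeout"}[action]


def _field_covers(earlier: str, later: str) -> bool:
    """True if the earlier rule's network field covers everything the later
    rule's field can match."""
    if earlier == "any":
        return True
    if later == "any":
        return False
    return ip_network(later).subnet_of(ip_network(earlier))


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indexes of rules that can never be reached because an earlier rule
    matches every packet they would match (general placed before specific).
    Each hit is a rule that 'might not ever get checked'."""
    dead = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (
                earlier.proto in ("any", later.proto)
                and _field_covers(earlier.src, later.src)
                and _field_covers(earlier.dst, later.dst)
                and earlier.dport in (None, later.dport)
            ):
                dead.append(j)
                break
    return dead


# Constructed LAN rule set with the ordering mistake: the general pass rule
# comes first, so the specific block for the quarantined host is dead.
LAN_RULES_WRONG = [
    Rule("pass", "any", "192.168.1.0/24", "any", None, "LAN to any"),
    Rule("block", "any", "192.168.1.50/32", "any", None, "quarantined host"),
]
# Same two rules, most specific first: the block is now reachable.
LAN_RULES_RIGHT = [LAN_RULES_WRONG[1], LAN_RULES_WRONG[0]]

# Constructed WAN rule set: only HTTPS to one published server is passed;
# everything else falls through to the default block (silent drop, no reject).
WAN_RULES = [Rule("tcp" and "pass", "tcp", "any", "203.0.113.10/32", 443, "HTTPS to web server")]

if __name__ == "__main__":
    quarantined = Packet("tcp", "192.168.1.50", "198.51.100.20", 443)
    print("wrong order:", evaluate(LAN_RULES_WRONG, quarantined), "dead:", shadowed_rules(LAN_RULES_WRONG))
    print("right order:", evaluate(LAN_RULES_RIGHT, quarantined), "dead:", shadowed_rules(LAN_RULES_RIGHT))
    action, idx = evaluate(WAN_RULES, Packet("tcp", "198.51.100.99", "203.0.113.10", 22))
    print("WAN probe to port 22:", action, idx, "- sender sees:", sender_sees(action))
```

Running the script shows the quarantined host passing under the misordered rule set and being blocked once the specific rule is moved above the general one; `shadowed_rules` flags the dead rule so the mistake can be caught before traffic hits it. The WAN probe to port 22 matches nothing and takes the default block, and `sender_sees` spells out why that is preferable to reject on a WAN interface: the sender learns nothing.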