If you speak only about WAN and LAN, yes, but if you have other
interfaces interested all changes.
You could enable a service on the OPT1, available to all existing
interfaces.
So in this case, floating rule would permit any 'OUT' connection to that
service offered inside OPT1.
This permit you to avoid adding an incoming rule for every existing
interface.
Tonino
Il 15/12/2011 15:50, Seb ha scritto:
...or the WAN interface and 'out'? Is that not the same as LAN
interface and 'in'? And if you are selecting all interfaces, then
surely the direction would have no effect? Because it would either
match on the LAN side, or the WAN side... Or am I just not getting
what 'out' rules are for?
Kind regards,
Seb
------------------------------------------------------------------------
*From:* list-boun...@lists.pfsense.org
[mailto:list-boun...@lists.pfsense.org] *On Behalf Of *Fuchs,
Martin martin.fuchs-at-trendchiller.com |pfSense/Allow + Forward
to Syntec|
*Sent:* 15 December 2011 13:30
*To:* s...@syntec.co.uk; pfSense support and discussion
*Subject:* Re: [pfSense] 'direction' of firewall rules for
floating rules?
Hi !
Yes, the direction has some relevance for the floating rules,
because when the direction is wrong, the packets will not pass
the firewall...
When you want to allow a packet to pass the firewall from the LAN
side to the WAN side you have to select the LAN interface and as
direction you have to select "in" (from the view of the firewall)
Regards,
martin
*Von:*list-boun...@lists.pfsense.org
[mailto:list-boun...@lists.pfsense.org] *Im Auftrag von *Seb
*Gesendet:* Donnerstag, 15. Dezember 2011 14:06
*An:* 'pfSense support and discussion'
*Betreff:* [pfSense] 'direction' of firewall rules for floating rules?
Hi list,
Does the 'direction' of a firewall rule have any relevance for
floating rules? I can't find any explanation for what direction
means in the docs, even when it applies to individual interfaces
(where I can see what it might mean), but for floating rules that
apply to all interfaces - I don't suppose it changes much?
Perhaps just affects connections from the firewall itself if you
have it set to out but not in?
pfSense 2.0
Kind regards,
Seb
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it to...@interazioni.it
------------------------------------------------------------
_______________________________________________
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
