Re: [pfSense] pfsense rules

Thu, 08 Dec 2016 09:07:15 -0800 

I knew the rules were processed in order, but didn't think about doing it
this way.
Thanx !


--
                         !!!!!
                       ( o o )
 --------------oOO----(_)----OOo--------------
   Luc Paulin
   email: paulinster(at)gmail.com
   Skype: paulinster


2016-12-08 11:57 GMT-05:00 Moshe Katz <[email protected]>:

> Remember that rules are processed in order. Given that fact, here's one way
> to do what you want.
>
> First, put in any rules that ALLOW specific traffic from LAN to OPT2.
> Then, put in a rule to DENY ALL TRAFFIC from LAN to OPT2.
> Finally, put the rule to ALLOW ALL TRAFFIC from LAN to ANYWHERE.
>
> This is exactly what we have done for our guest WiFi network to allow users
> on the WiFi to access the Internet and all of the public services that run
> on our internal network.
>
> Moshe
>
> --
> Moshe Katz
> -- [email protected]
> -- +1(301)867-3732
>
> On Thu, Dec 8, 2016 at 11:51 AM, Luc Paulin <[email protected]> wrote:
>
> > Hi Everyone,
> > I am curently to look at migrating rules from our iptable/fwbuilder
> system
> > to pfsense.  But now I am facing an issue.
> >
> > I need to grant internet access from LAN to WAN, so I created a rule PASS
> > ANY on the LAN interface.  However this cause an issues because I want to
> > have specific allowance rule from LAN to OPT2. Look like the preceding
> rule
> > wil also grant access from LAN to OPT2, as well to other interface.
> >
> > I am sure that this can restricted, but can't find an example from doc
> page
> > on website.
> >
> > Thanx again for all your help
> >
> >
> > --
> >                          !!!!!
> >                        ( o o )
> >  --------------oOO----(_)----OOo--------------
> >    Luc Paulin
> >    email: paulinster(at)gmail.com
> >    Skype: paulinster
> > _______________________________________________
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
> >
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Reply via email to