Normally (at least in pfSense) traffic is blocked on the incoming interface. The LAN interface has "default LAN to any" rules for IPv4 and IPv6. The traffic originating on WAN (which it sounds like you're asking about, and would by definition be the pfSense itself) is already on the Internet side? Normally most times one wants to block a PC on the LAN from accessing something so just disable those rules. Then of course add some for allowing from LAN to any, port 443, or whatever.
--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:[email protected]] On Behalf Of Roberto Carna
Sent: Wednesday, November 15, 2017 9:45 AM
To: pfSense Support and Discussion Mailing List <[email protected]>
Subject: Re: [pfSense] Default pass rules in pfSense

Oliver, I ask about the opposite that you explain to me:

Everything going out from WAN to Internet is allowed ???

In accordance with my tests, yes...and if I add an explicit rule it doesn't block a given outgoing traffic.

In the affirmative case, how can I disable the default OUTGOING pass rules in WAN interface ???

Thanks a lot again !!!

2017-11-15 12:29 GMT-03:00 Oliver Hansen <[email protected]>:
> By default, everything coming IN on the WAN is blocked but everything
> coming IN on the LAN from the LAN network is allowed. You can easily remove
> this rule on the LAN interface if you want.
>
> On Nov 15, 2017 7:20 AM, "Roberto Carna" <[email protected]> wrote:
>
> People, I'm new at pfSense and I'm seeing that there are implicit
> default pass rules.
>
> For example, without editing a new user rule in the firewall, I can
> send mails from my WAN interface to Internet. I was wrong because I
> thought the default behaviour was to deny all the traffic unless I
> permit what I want.
>
> Is it possible to turn the default pass rules off in order to control
> all the traffic manually by the user rules ???
>
> Thanks a lot.
>
> ROBERT
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
