Re: [pfSense] pfsense rules

2016-12-08 Thread Luc Paulin
I knew the rules were processed in order, but didn't think about doing it
this way.
Thanx !


--
 !
   ( o o )
 --oOO(_)OOo--
   Luc Paulin
   email: paulinster(at)gmail.com
   Skype: paulinster


2016-12-08 11:57 GMT-05:00 Moshe Katz:

> Remember that rules are processed in order. Given that fact, here's one way
> to do what you want.
>
> First, put in any rules that ALLOW specific traffic from LAN to OPT2.
> Then, put in a rule to DENY ALL TRAFFIC from LAN to OPT2.
> Finally, put the rule to ALLOW ALL TRAFFIC from LAN to ANYWHERE.
>
> This is exactly what we have done for our guest WiFi network to allow users
> on the WiFi to access the Internet and all of the public services that run
> on our internal network.
>
> Moshe
>
> --
> Moshe Katz
> -- mo...@ymkatz.net
> -- +1(301)867-3732
>
> On Thu, Dec 8, 2016 at 11:51 AM, Luc Paulin wrote:
>
> > Hi Everyone,
> > I am currently looking at migrating rules from our iptables/fwbuilder system
> > to pfsense.  But now I am facing an issue.
> >
> > I need to grant internet access from LAN to WAN, so I created a rule PASS
> > ANY on the LAN interface.  However this causes an issue because I want to
> > have specific allowance rules from LAN to OPT2. Looks like the preceding rule
> > will also grant access from LAN to OPT2, as well as to other interfaces.
> >
> > I am sure that this can be restricted, but can't find an example from the doc page
> > on the website.
> >
> > Thanx again for all your help
> >
> >
> > --
> >  !
> >( o o )
> >  --oOO(_)OOo--
> >Luc Paulin
> >email: paulinster(at)gmail.com
> >Skype: paulinster
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] pfsense rules

2016-12-08 Thread Moshe Katz
Remember that rules are processed in order. Given that fact, here's one way
to do what you want.

First, put in any rules that ALLOW specific traffic from LAN to OPT2.
Then, put in a rule to DENY ALL TRAFFIC from LAN to OPT2.
Finally, put the rule to ALLOW ALL TRAFFIC from LAN to ANYWHERE.

This is exactly what we have done for our guest WiFi network to allow users
on the WiFi to access the Internet and all of the public services that run
on our internal network.

Moshe

--
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732

On Thu, Dec 8, 2016 at 11:51 AM, Luc Paulin wrote:

> Hi Everyone,
> I am currently looking at migrating rules from our iptables/fwbuilder system
> to pfsense.  But now I am facing an issue.
>
> I need to grant internet access from LAN to WAN, so I created a rule PASS
> ANY on the LAN interface.  However this causes an issue because I want to
> have specific allowance rules from LAN to OPT2. Looks like the preceding rule
> will also grant access from LAN to OPT2, as well as to other interfaces.
>
> I am sure that this can be restricted, but can't find an example from the doc page
> on the website.
>
> Thanx again for all your help
>
>
> --
>  !
>( o o )
>  --oOO(_)OOo--
>Luc Paulin
>email: paulinster(at)gmail.com
>Skype: paulinster


Re: [pfSense] pfsense rules

2016-12-08 Thread Freund, Ingo
Put the more restrictive rules before the "allow any" rule.

- Ingo

> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin
> Sent: Thursday, December 08, 2016 5:51 PM
> To: pfSense Support and Discussion Mailing List
> Subject: [pfSense] pfsense rules
> 
> Hi Everyone,
> I am currently looking at migrating rules from our iptables/fwbuilder system
> to pfsense.  But now I am facing an issue.
> 
> I need to grant internet access from LAN to WAN, so I created a rule PASS
> ANY on the LAN interface.  However this causes an issue because I want to
> have specific allowance rules from LAN to OPT2. Looks like the preceding rule
> will also grant access from LAN to OPT2, as well as to other interfaces.
> 
> I am sure that this can be restricted, but can't find an example from the doc page
> on the website.
> 
> Thanx again for all your help
> 
> 
> --
>  !
>( o o )
>  --oOO(_)OOo--
>Luc Paulin
>email: paulinster(at)gmail.com
>Skype: paulinster

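The ordering that Moshe Katz and Ingo Freund describe above, as an added example that is not part of the thread: a small first-match evaluator for the LAN interface's rule list, plus a check for rules that an earlier, broader rule makes unreachable. The subnets, the port 443 service and all names are assumptions made for illustration, and only destination and port are modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for illustration; not taken from the thread.
OPT2 = ipaddress.ip_network("10.20.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    dst: ipaddress.IPv4Network       # source is implied: rules sit on the LAN tab
    port: Optional[int] = None       # None means any port

    def matches(self, dst_ip: str, port: int) -> bool:
        return ipaddress.ip_address(dst_ip) in self.dst and self.port in (None, port)

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return other.dst.subnet_of(self.dst) and (
            self.port is None or self.port == other.port)

def evaluate(rules, dst_ip: str, port: int) -> str:
    """First matching rule wins; traffic that matches nothing is blocked."""
    for rule in rules:
        if rule.matches(dst_ip, port):
            return rule.action
    return "block"

def shadowed(rules):
    """Rules that can never fire because an earlier rule covers them."""
    return [r for i, r in enumerate(rules)
            if any(earlier.covers(r) for earlier in rules[:i])]

ALLOW_HTTPS = Rule("pass", OPT2, 443)   # hypothetical allowed service on OPT2
DENY_OPT2 = Rule("block", OPT2)
ALLOW_ANY = Rule("pass", ANY)

# PASS ANY on top: the OPT2 rules below it are never reached.
pass_any_first = [ALLOW_ANY, ALLOW_HTTPS, DENY_OPT2]
# Order from the reply: specific allows, then deny OPT2, then allow anywhere.
suggested = [ALLOW_HTTPS, DENY_OPT2, ALLOW_ANY]

if __name__ == "__main__":
    for name, rules in (("pass_any_first", pass_any_first), ("suggested", suggested)):
        print(name, "LAN->OPT2:22 =", evaluate(rules, "10.20.0.5", 22),
              "| shadowed rules:", len(shadowed(rules)))
```

Running `shadowed()` over a rule list translated from iptables/fwbuilder is a quick way to spot rules that the new ordering has made dead.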

[pfSense] pfsense rules

2016-12-08 Thread Luc Paulin
Hi Everyone,
I am currently looking at migrating rules from our iptables/fwbuilder system
to pfsense.  But now I am facing an issue.

I need to grant internet access from LAN to WAN, so I created a rule PASS
ANY on the LAN interface.  However this causes an issue because I want to
have specific allowance rules from LAN to OPT2. Looks like the preceding rule
will also grant access from LAN to OPT2, as well as to other interfaces.

I am sure that this can be restricted, but can't find an example from the doc page
on the website.

Thanx again for all your help


--
 !
   ( o o )
 --oOO(_)OOo--
   Luc Paulin
   email: paulinster(at)gmail.com
   Skype: paulinster


Re: [pfSense] Two factor Authentication

2016-12-08 Thread Eero Volotinen
Just configure RADIUS with two-factor authentication and point the
authentication server to it.

A sample of how to configure two-factor RADIUS under Linux:

http://www.supertechguy.com/help/security/freeradius-google-auth

I am using it with minor modifications for VPN and console+GUI
authentication.

--
Eero



2016-12-08 17:04 GMT+02:00 RB:

> On Thu, Dec 8, 2016 at 2:33 AM, user49b wrote:
> > Any ideas on how to get two factor authentication to work in console and/or
> > GUI?
>
> Should be pretty simple.  Point the system to third-party
> authentication (say, AD).  Configure that third-party option to use
> 2-factor.  Enter your username, password, a separator (usually comma)
> and your token value.  Done.  No need for three fields.


Re: [pfSense] Two factor Authentication

2016-12-08 Thread RB
On Thu, Dec 8, 2016 at 2:33 AM, user49b wrote:
> Any ideas on how to get two factor authentication to work in console and/or
> GUI?

Should be pretty simple.  Point the system to third-party
authentication (say, AD).  Configure that third-party option to use
2-factor.  Enter your username, password, a separator (usually comma)
and your token value.  Done.  No need for three fields.


[pfSense] Two factor Authentication

2016-12-08 Thread user49b

Hi

Any ideas on how to get two factor authentication to work in console
and/or GUI?


Regards
Chris



