The default firewall configuration of pfSense is:
- LAN is allowed to go anywhere
- WAN everything blocked
- OPTx everything blocked

When creating firewall rules you always allow traffic incoming at an interface. 
This will create 2 states for the connection (in, out) which will then both be 
allowed.

If you want to look at the pf configuration the webgui creates, go to 
diagnostics>edit file in the webgui and open "/tmp/rules.debug".

There is no example ruleset or restrictive ruleset for any of the situations 
(DMZ, restrictive LAN, ...). You have to decide yourself what your DMZ should 
do or not and set it up.

Holger


-----Original Message-----
From: Craig Silva [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 02, 2006 1:17 PM
To: [email protected]
Subject: [pfSense Support] Linux -> pfsense questions


I have in the past used iptables on Debian. I have recently acquired a wrap with 
pfsense on it.
 
Just trying to come to terms with the differences.
 
So if someone could help with some answers to questions I haven't been able to 
glean from the docs (references to parts of the docs with relevant info also 
appreciated):
 
- Are there any example rule sets for a standard type firewall without the 
  default rule that allows all lan sourced traffic (if there is such a thing) 
  for a wan, lan and dmz type firewall? 
- iptables tracks the attributes new, established and related in relation to 
  connections - does pfsense do this "automatically"? 
- I only had a brief look at pf documentation as it was at the command line 
  level and I couldn't map to the GUI rules - is it worth while going back to 
  the pf docs which leads on to the next question 
- What are the defaults built in to pfsense? 
- Related to the first question - do you need a rule to allow return traffic 
  from an established connection? 
 
TIA
 
Craig
 
----------------------------------
Craig Silva. IT Manager.
ABX Logistics, Australia. 
http://www.abxlogistics.com.au
9 Trade Park Dve. Tullamarine. Vic. 3043
Tel: +61 3 9 335 8250, Mob: 0408408748
email: [EMAIL PROTECTED]
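
Added example, not part of the original thread and not what the pfSense webgui writes to /tmp/rules.debug: a hand-written pf ruleset for the restrictive LAN/DMZ case asked about, with each rule placed on the interface where the traffic arrives and state keeping covering the return traffic. Interface names, networks and the DMZ web server address are assumptions, and NAT/rdr rules are left out.

```pf
# Hand-written pf.conf fragment (added example, constructed values).
# Assumed interfaces and networks; adjust to the actual box.
wan_if  = "sis0"
lan_if  = "sis1"
dmz_if  = "sis2"
lan_net = "192.168.1.0/24"
dmz_net = "192.168.2.0/24"
dmz_web = "192.168.2.10"

# Default deny on every interface, in both directions.
block log all

# LAN: takes the place of the default "LAN is allowed to go anywhere" rule.
# Rules match traffic arriving on the LAN interface; "keep state" admits
# the replies, so no separate rule for return traffic is needed.
pass in quick on $lan_if inet proto tcp from $lan_net to any port { 80, 443 } flags S/SA keep state
pass in quick on $lan_if inet proto udp from $lan_net to any port 53 keep state
pass in quick on $lan_if inet proto icmp from $lan_net to any icmp-type echoreq keep state

# WAN: only the published DMZ web server is reachable from outside.
# Assumes a matching rdr rule (omitted) has already translated the destination.
pass in quick on $wan_if inet proto tcp from any to $dmz_web port 80 flags S/SA keep state

# DMZ: hosts may never open connections towards the LAN.
block in quick on $dmz_if from $dmz_net to $lan_net
# DMZ: limited outbound for name resolution and updates.
pass in quick on $dmz_if inet proto udp from $dmz_net to any port 53 keep state
pass in quick on $dmz_if inet proto tcp from $dmz_net to any port { 80, 443 } flags S/SA keep state

# Egress side: the packet was already vetted on the interface it came in on.
# This creates the second ("out") state for each forwarded connection.
pass out quick all keep state
```

The syntax can be checked without loading it by saving the fragment to a file and running `pfctl -nf` on that file.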
 
