The default firewall configuration of pfSense is:
- LAN is allowed to go anywhere
- WAN everything blocked
- OPTx everything blocked

When creating firewall rules you always allow traffic incoming at an interface. This will create 2 states for the connection (in, out) which then both will be allowed. If you want to look at the pf configuration the webgui creates, go to diagnostics>edit file in the webgui and open "/tmp/rules.debug".

There is no example ruleset or restrictive ruleset for any of the situations (DMZ, restrictive LAN, ...). You have to decide yourself what your DMZ should do or not and set it up.

Holger

-----Original Message-----
From: Craig Silva [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 02, 2006 1:17 PM
To: [email protected]
Subject: [pfSense Support] Linux -> pfsense questions

I have in the past used iptables on Debian. I have recently acquired a wrap with pfsense on it. Just trying to come to terms with the differences.

So if someone could help with some answers to questions I haven't been able to glean from the docs (references to parts of the docs with relevant info also appreciated):

Are there any example rule sets for a standard type firewall without the default rule that allows all lan sourced traffic (if there is such a thing) for a wan, lan and dmz type firewall?

iptables tracks the attributes new, established and related in relation to connections - does pfsense do this "automatically"?

I only had a brief look at pf documentation as it was at the command line level and I couldn't map to the GUI rules - is it worthwhile going back to the pf docs? Which leads on to the next question: what are the defaults built in to pfsense?

Related to the first question - do you need a rule to allow return traffic from an established connection?

TIA

Craig

----------------------------------
Craig Silva. IT Manager.
ABX Logistics, Australia.
http://www.abxlogistics.com.au
9 Trade Park Dve. Tullamarine. Vic.
3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED]
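
The stateful, filter-on-ingress model described in the reply, written out as a pf.conf fragment for a restrictive WAN/LAN/DMZ layout. This is an added illustration, not part of the thread and not what pfSense writes to /tmp/rules.debug; the interface names, the allowed ports and the DMZ server address are assumptions, and NAT rules are left out.

```pf
# Added example. All names and addresses below are assumed or constructed.
wan_if  = "em0"          # assumed WAN NIC
lan_if  = "em1"          # assumed LAN NIC
dmz_if  = "em2"          # assumed OPT1 NIC used as DMZ
dmz_web = "192.0.2.10"   # constructed address (documentation range)

# Default deny, both directions, every interface.
block log all

# Policy is decided where a packet enters the firewall. Anything that was
# accepted inbound may leave through any interface; this creates the second
# ("out") state for the same connection.
pass out all keep state

# LAN: DNS and web only, replacing the default "LAN is allowed to go anywhere".
# "keep state" lets the replies back in, so no separate rule for
# established/related return traffic is needed.
pass in quick on $lan_if inet proto { tcp udp } \
    from $lan_if:network to any port 53 keep state
pass in quick on $lan_if inet proto tcp \
    from $lan_if:network to any port { 80 443 } flags S/SA keep state

# DMZ: hosts may never open connections towards the LAN, but may fetch
# updates over HTTP/HTTPS. The block is "quick" so it wins over the pass.
block in log quick on $dmz_if from any to $lan_if:network
pass in quick on $dmz_if inet proto tcp \
    from $dmz_if:network to any port { 80 443 } flags S/SA keep state

# WAN: nothing inbound except HTTP to the DMZ web server.
pass in quick on $wan_if inet proto tcp \
    from any to $dmz_web port 80 flags S/SA keep state
```

A file like this can be syntax-checked without loading it using `pfctl -nf <file>`.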
