On 7/2/06, Craig Silva <[EMAIL PROTECTED]> wrote:
> Are there any example rule sets for a standard type firewall without the
> default rule that allows all lan sourced traffic (if there is such a thing)
> for a wan, lan and dmz type firewall?

That's certainly something we'd hoped people would do :)  At this
time, I'm not aware of any example rulesets.

> iptables tracks the attributes new, established and related in relation to
> connections – does pfsense do this "automatically"?

I'm not sure what "related" does, but we certainly do keep state on
traffic.  A state entry is created for the SYN in a tcp packet that is
allowed; all further packets in that flow are passed if they follow
the RFCs and don't muck with sequence numbers, window sizes, etc.

> I only had a brief look at pf documentation as it was at the command line
> level and I couldn't map it to the GUI rules – is it worthwhile going back to
> the pf docs? Which leads on to the next question:
> what are the defaults built in to pfsense?

The rules are in /tmp/rules.debug - there's a large number of system
generated rules, but you can see the set options we use and the user
generated rules towards the bottom of the ruleset.

> Related to the first question – do you need a rule to allow return traffic
> from an established connection?

Nope...state tables keep track of it all :)

--Bill
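An added example, not from this thread or the pfSense project, of what a wan/lan/dmz ruleset without the "allow everything from LAN" rule can look like in pf syntax; interface names, subnets and the DMZ host address are assumptions, and `keep state` on each pass rule is what makes a separate return-traffic rule unnecessary:

```pf
# Added example (assumed interface names and addresses, not pfSense's own rules)
wan_if  = "em0"
lan_if  = "em1"
dmz_if  = "em2"
lan_net = "192.168.1.0/24"
dmz_net = "192.168.2.0/24"
dmz_web = "192.168.2.10"

set skip on lo0
scrub in all

# Outbound NAT for LAN and DMZ hosts; inbound HTTP on the WAN address goes to the DMZ web server
nat on $wan_if from { $lan_net, $dmz_net } to any -> ($wan_if)
rdr on $wan_if proto tcp from any to ($wan_if) port 80 -> $dmz_web port 80

# Default deny: anything not explicitly passed below is dropped and logged
block log all

# WAN: only the redirected web traffic is accepted. flags S/SA means a state
# entry is created on the SYN only; the replies ride that state back out.
pass in on $wan_if proto tcp from any to $dmz_web port 80 flags S/SA keep state

# LAN: instead of "allow all from LAN", name the services LAN hosts may use
pass in on $lan_if proto { tcp, udp } from $lan_net to any port 53 keep state
pass in on $lan_if proto tcp from $lan_net to any port { 80, 443 } keep state
pass in on $lan_if proto tcp from $lan_net to $dmz_web port 80 keep state

# DMZ: the web server may resolve names but must never start connections
# into the LAN. "quick" makes this block final even though later rules pass.
block in quick log on $dmz_if from $dmz_net to $lan_net
pass in on $dmz_if proto { tcp, udp } from $dmz_net to any port 53 keep state

# Outbound on every interface is allowed; the "pass in" rules already decided
# which flows exist, and their state entries carry the return packets.
pass out all keep state
```

Return traffic for every flow above is matched against the state table, so no rule in the reverse direction is needed.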
