On 7/2/06, Craig Silva <[EMAIL PROTECTED]> wrote:
> Are there any example rule sets for a standard type of firewall without the default rule that allows all LAN-sourced traffic (if there is such a thing) for a WAN, LAN and DMZ type firewall?
That's certainly something we'd hoped people would do :) At this time, I'm not aware of any example rulesets.
> iptables tracks the attributes new, established and related in relation to connections. Does pfSense do this "automatically"?
I'm not sure what "related" does, but we certainly do keep state on traffic. A state entry is created for the SYN of a TCP connection that is allowed; all further packets in that flow are passed if they follow the RFCs and don't muck with sequence numbers, window sizes, etc.
> I only had a brief look at the pf documentation, as it was at the command-line level and I couldn't map it to the GUI rules. Is it worthwhile going back to the pf docs? That leads on to the next question: what are the defaults built in to pfSense?
The rules are in /tmp/rules.debug. There are a large number of system-generated rules, but you can see the set options we use and the user-generated rules towards the bottom of the ruleset.
> Related to the first question: do you need a rule to allow return traffic from an established connection?
Nope...state tables keep track of it all :)

--Bill
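The kind of ruleset asked about above, written as an added pf.conf example rather than anything from the thread or from pfSense itself: a WAN/LAN/DMZ firewall with the "allow everything from LAN" rule replaced by a default deny, where every pass rule creates state so no separate "established" rule is needed. Interface names, address ranges and the DMZ host address are assumptions.

```pf
# Constructed example, not from the list thread: interface names and
# addresses are assumptions.
ext_if  = "em0"               # WAN
lan_if  = "em1"               # LAN
dmz_if  = "em2"               # DMZ
lan_net = "192.168.1.0/24"
dmz_net = "192.168.2.0/24"
dmz_web = "192.168.2.10"      # public web server in the DMZ

set skip on lo0
scrub in all

# Default deny on every interface (logged). Nothing below relies on an
# "allow all from LAN" rule; each pass rule admits one flow and creates
# a state entry, so return packets match the state table and need no
# rule of their own.
block in log all

# LAN clients: web, SMTP and DNS out to the Internet, but not into the DMZ.
pass in on $lan_if proto tcp from $lan_net to ! $dmz_net port { 80 443 25 } keep state
pass in on $lan_if proto udp from $lan_net to ! $dmz_net port 53 keep state

# LAN may administer the DMZ web host over SSH; nothing else crosses LAN->DMZ.
pass in on $lan_if proto tcp from $lan_net to $dmz_web port 22 keep state

# DMZ hosts may only resolve DNS, and never initiate anything toward the LAN.
pass in on $dmz_if proto udp from $dmz_net to ! $lan_net port 53 keep state

# Internet may reach the DMZ web server on HTTP/HTTPS; only a SYN (no ACK)
# may create the state entry, so stray mid-stream packets are dropped.
# (If the server sits behind NAT, an rdr rule on $ext_if is also required.)
pass in on $ext_if proto tcp from any to $dmz_web port { 80 443 } flags S/SA keep state

# Outbound on all interfaces: a packet only gets here after an "in" rule
# above admitted it, or if the firewall itself originated it.
pass out all keep state
```

Load with `pfctl -nf /etc/pf.conf` to syntax-check before `pfctl -f`; on pfSense the equivalent generated rules end up in /tmp/rules.debug as described above.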
