> From: Joseph L. Casale [mailto:[email protected]]
> Sent: July 27, 2009 1:14 PM
>
> I am familiar with PIX/ASA and iptables, which I am seeing
> don't quite share the same rules as pfSense.
>
> If I have a VLAN and/or OPT interface that I am routing
> traffic into from the LAN interface, is there a way to write
> one rule on the OPT interface such that new/established
> traffic from the LAN interface is allowed back through?
>
> On the LAN interface, it seems that if I write a rule letting
> one host pass a TCP port over to a host in OPT1, everything
> else is blocked (as expected). But the same goes for the OPT
> interface: if I understand this correctly, I need to write a
> specific rule to allow that traffic to return?
> So if that's the case, how do I craft the rule such that
> replies only can return, so the host in OPT can't initiate
> connections out to LAN, even to the one host that can initiate to it?
>
> Thanks!
> jlc

pfSense applies rules when packets enter an interface. You do not need a rule for packets to return. If a return packet belongs to an established connection, it is allowed.
Eugene

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
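The point Eugene makes above, written out as a pf ruleset. This is an added example, not from the original thread or from pfSense itself; it is the hand-written pf equivalent of the single LAN rule Joseph describes, and the interface names, addresses and port are assumed. pfSense generates its ruleset from the GUI, but the semantics are pf's: rules are evaluated on the interface where a packet enters the firewall, and a `pass` rule that keeps state (the default) lets the replies of that connection through on any interface without a further rule.

```pf
# Added example: pf ruleset equivalent to the GUI rules discussed in the thread.
# Not from the original post; interface names, addresses and port are assumed.
lan_if    = "em1"            # LAN
opt1_if   = "em2"            # OPT1 (or a VLAN interface)
lan_host  = "192.168.1.10"   # the one LAN host allowed to initiate
opt1_host = "192.168.2.20"   # the OPT1 host it may reach

# Default deny for packets entering on every interface (pfSense's implicit
# "default deny" rule). This is what stops OPT1 -> LAN: a SYN from opt1_host
# arriving on $opt1_if matches no pass rule and is dropped here.
block in log all

# The only rule needed. It is evaluated when the packet ENTERS the firewall
# on the LAN interface. "keep state" creates a state entry for the TCP
# connection; the SYN-ACK and all later replies arriving on $opt1_if are
# matched against that state before any rule is consulted, so no rule on
# OPT1 is required for the return traffic.
pass in quick on $lan_if proto tcp from $lan_host to $opt1_host port 3389 \
    flags S/SA keep state

# Deliberately no "pass in on $opt1_if" rule: replies pass by state, new
# connections from OPT1 (including opt1_host -> lan_host) hit "block in all".
# Adding a rule such as
#   pass in on $opt1_if proto tcp from $opt1_host to $lan_host
# would be the mistake: it lets opt1_host initiate, which is what Joseph
# wants to avoid.
```

To check this on a pf host, `pfctl -nf /path/to/pf.conf` parses the ruleset without loading it, and after a connection is opened from the LAN host `pfctl -ss` shows the state entry that is carrying the return traffic; on pfSense the same state is visible under Diagnostics > States.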
