Differences

This shows you the differences between two versions of the page.

--- pfsense:install_pfsense:create_firewall_rules [2021/01/05 18:12] – peter
+++ pfsense:install_pfsense:create_firewall_rules [2022/10/20 09:12] (current) – [IOT Firewall Rules] peter
@@ Line 12: / Line 12: @@
 ====== LAN Firewall Rules ======
+Navigate to **Firewall -> Rules -> LAN**.
 LAN Firewall rules will cover:
@@ Line 79: / Line 81: @@
 ====== CLEAR Firewall Rules ======
+Navigate to **Firewall -> Rules -> CLEAR**.
 The requirements for this interface are:
@@ Line 142: / Line 146: @@
 ====== IOT Firewall Rules ======
+Navigate to **Firewall -> Rules -> IOT**.
 IOT devices should be prevented from accessing anything that is not-essential to them.
@@ Line 395: / Line 401: @@
   * Source:  **GUEST net**.
   * Destination:
-    * Invert match:  **Checked**.
+    * Invert match:  **Not Checked**.
     * **Single host or alias**.
     * Address:  **LOCAL_SUBNETS**.
@@ Line 401: / Line 407: @@
     * From: **Any**.
     * To:  **Any**.
-  * Log:  **Not Checked**.
+  * Log:  **Checked**.
   * Description:  **GUEST - Reject internal interfaces**.
   * Click **Save**.
@@ Line 416: / Line 422: @@
   * Interface:  **GUEST**
   * Address Family:  **IPv4**.
-  * Protocol:  **TCP/UDP**
+  * Protocol:  **any**
   * Source:  **GUEST net**.
-  * Destination
+  * Destination:  **any**.
-    * Invert match:  **Checked**.
-    * **Single host or alias**.
-    * Address:  **LOCAL_SUBNETS**.
-  * Destination Port Range:
-    * From:  **Any**.
-    * To:  **Any**.
   * Log:  **Not Checked**.
-  * Description:  **GUEST - Pass WAN**.
+  * Description:  **Allow GUEST to any**.
   * Click **Save**.
@@ Line 436: / Line 436: @@
 ----
-===== Block unknown IPv4 =====
+The final ruleset for the GUEST will be:
-  * Click **↴+Add**
+{{:pfsense:install_pfsense:pfsense_-_firewall_-_rules_-_guest.png?800|}}
-  * Action:  **Reject**.
-  * Disabled:  **Not Checked**.
-  * Interface:  **GUEST**.
-  * Address Family:  **IPv4**.
-  * Protocol:  **Any**.
-  * Source =  **Any**.
-  * Destination:  **Any**.
-  * Log:  **Checked**.
-  * Description:  **GUEST - Block IPv4**.
-  * Click **Save**.
-<WRAP info>
-**NOTE:**  Reject is used rather than block on internal interfaces to provide a response to any programs trying to send traffic preventing delays associated with waiting for time outs to occur.
-</WRAP>
-----
-===== Block unknown IPv6 =====
-  * Click **↴+Add**.
-  * Action:  **Reject**.
-  * Disabled:  **Not Checked**.
-  * Interface:  **GUEST**.
-  * Address Family:  **IPv6**.
-  * Protocol:  **Any**.
-  * Source:  **Any**.
-  * Destination:  **Any**.
-  * Log:  **Not Checked**.
-  * Description:  **GUEST - Block IPv6**.
-  * Click **Save**.
-<WRAP info>
-**NOTE:**  Reject is used rather than block on internal interfaces to provide a response to any programs trying to send traffic preventing delays associated with waiting for time outs to occur.
-</WRAP>
 ----