

Do I need to configure a rule in the Firewall | Rules menu for internet access, and if so, what would the rule look like?

pfSense uses "default deny," so everything is blocked until a firewall rule allows it through. Out of the box, you can look at the LAN interface for two example rules. There's one called "Default allow LAN to any rule" and another called "Default allow LAN IPv6 to any rule." You can create new rules on your Wi-Fi interface that look similar to those rules but change the source IP to "WiFi net" instead of "LAN net" obviously (or whatever you named your WAP/WLAN/Wireless interface).

Those rules allow all traffic out, but it's your quickest path to victory right now. A better practice to lock things down is to only allow traffic to the ports that you use, like 80/tcp, 443/tcp, 53/udp (DNS), and whatever other services you use in your environment. I then went in and manually added the ports that I use. I did this by making a new "Alias" (Firewall -> Aliases) and creating one alias called "Allowed TCP ports" and another called "Allowed UDP ports", and then a couple of firewall allow rules that refer to those aliases. It's a bunch of trial and error, but it helps lock down your outbound traffic.
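As an added illustration (not code from the thread or from pfSense itself), here is a small Python model of pfSense's first-match, default-deny rule evaluation, comparing the copied "allow to any" rule against the tighter alias-based rules. The interface name "WIFI", the WiFi subnet 192.168.2.0/24, the alias contents and the sample flows are all assumed values.

```python
# Added example: a model of first-match rule evaluation with default deny.
# Interface name, subnet, alias contents and flows are constructed, not from pfSense.
from ipaddress import ip_address, ip_network

# Port aliases as created under Firewall -> Aliases (contents assumed).
ALIASES = {
    "Allowed TCP ports": {80, 443},
    "Allowed UDP ports": {53, 123},
}

WIFI_NET = "192.168.2.0/24"  # assumed value of the "WiFi net" macro

def rule(iface, proto, src_net, dst_ports):
    """A pass rule on one interface; dst_ports is 'any' or an alias name."""
    return {"iface": iface, "proto": proto,
            "src": ip_network(src_net), "ports": dst_ports}

# Style 1: "Default allow LAN to any rule" copied with source "WiFi net".
ALLOW_ANY = [rule("WIFI", "any", WIFI_NET, "any")]

# Style 2: only the aliased ports, the tighter practice described in the answer.
ALLOW_ALIASED = [
    rule("WIFI", "tcp", WIFI_NET, "Allowed TCP ports"),
    rule("WIFI", "udp", WIFI_NET, "Allowed UDP ports"),
]

def evaluate(rules, iface, proto, src, dport):
    """First matching pass rule wins; no match means the default deny applies."""
    for r in rules:
        if r["iface"] != iface or r["proto"] not in ("any", proto):
            continue
        if ip_address(src) not in r["src"]:
            continue
        if r["ports"] != "any" and dport not in ALIASES[r["ports"]]:
            continue
        return "pass"
    return "block"

# Constructed sample flows entering the WIFI interface: (proto, source, dst port)
FLOWS = [
    ("tcp", "192.168.2.10", 443),
    ("udp", "192.168.2.10", 53),
    ("tcp", "192.168.2.10", 53),   # DNS over TCP, not in the alias yet
    ("tcp", "192.168.2.10", 22),
    ("tcp", "10.0.0.5", 443),      # source outside "WiFi net"
]

def blocked_flows(rules, flows):
    """Flows the ruleset drops: what the 'trial and error' shows up in the firewall log."""
    return [f for f in flows if evaluate(rules, "WIFI", *f) == "block"]
```

With the alias rules, the blocked list surfaces ports such as 53/tcp that still need adding to an alias, while the allow-any rule only blocks the flow whose source is not in "WiFi net".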
