Todo #12770

open

Feedback on Firewall — Configuring firewall rules

Added by Marcos Mendoza 5 months ago. Updated 1 day ago.

Status: New
Priority: Normal
Assignee: -
Category: Firewall Rules
Target version: -
Start date:
Due date:
% Done: 50%
Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/firewall/configure.html

Feedback:
After the "Selecting Invert Match will" text, there should be a warning block suggesting the avoidance of negating macros. See #6799 for more details.

Actions #1

Updated by Marcos Mendoza 5 months ago

Example text:

Using Invert Match on macros such as LAN net can lead to undesired rule behavior when the interface also uses Virtual IPs. This is due to traffic matching against the interface network OR the VIPs. For example, given the rule pass on $LAN from any to ! $LAN_net, traffic destined to 192.168.0.100, a LAN_net of 192.168.0.0/24, and a VIP of 10.0.0.1/32, such traffic will still match the negate rule since the destination IP does not match the VIP.
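The matching behavior described in the example text above, modelled as an added Python sketch (not part of the ticket and not pfSense code). The function names are hypothetical, and it assumes the negation is applied to each member of the macro and the results are ORed, as the comment describes; 203.0.113.7 is a constructed outside address.

```python
import ipaddress

# Members of LAN_net in the example text: the interface network plus the VIP.
LAN_NET = ["192.168.0.0/24", "10.0.0.1/32"]


def negated_per_member(dst, members=LAN_NET):
    """Assumed model of the described behavior: '!' is evaluated against
    each member separately and the rule matches if ANY negation is true."""
    ip = ipaddress.ip_address(dst)
    return any(ip not in ipaddress.ip_network(m) for m in members)


def negated_whole_macro(dst, members=LAN_NET):
    """What the rule author usually intends: the destination lies outside
    EVERY member of the macro."""
    ip = ipaddress.ip_address(dst)
    return all(ip not in ipaddress.ip_network(m) for m in members)


def compare(dst, members=LAN_NET):
    """Return (described behavior, intended behavior) for one destination."""
    return negated_per_member(dst, members), negated_whole_macro(dst, members)


def wrongly_matched(destinations, members=LAN_NET):
    """Destinations inside the macro that the negate rule still matches."""
    return [d for d in destinations
            if negated_per_member(d, members)
            and not negated_whole_macro(d, members)]


if __name__ == "__main__":
    for dst in ("192.168.0.100", "10.0.0.1", "203.0.113.7"):
        described, intended = compare(dst)
        print(f"{dst:15} described={described} intended={intended}")
    # Without the VIP the macro has one member and both models agree.
    print(compare("192.168.0.100", ["192.168.0.0/24"]))
```

Under this model, once the macro has two disjoint members every destination satisfies at least one negation, so the negate rule no longer excludes anything.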

Actions #2

Updated by Chris W 1 day ago

  • % Done changed from 0 to 50