Project

General

Profile

Actions
Copy link

Todo #12770

closed

Feedback on Firewall — Configuring firewall rules

Added by Marcos M almost 3 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Jim Pingle
Category:
Firewall Rules
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:

Description

Page: https://docs.netgate.com/pfsense/en/latest/firewall/configure.html

Feedback:
After the Selecting Invert Match will text, there should be a warning block suggesting the avoidance of negating macros. See #6799 for more details.

Actions
Copy link
 #1

Updated by Marcos M almost 3 years ago

Example text:

Using Invert Match on macros such as LAN net can lead to undesired rule behavior when the interface also uses Virtual IPs. This is due to traffic matching against the interface network OR the VIPs. For example, given the rule pass on $LAN from any to ! $LAN_net, traffic destined to 192.168.0.100, a LAN_net of 192.168.0.0/24, and a VIP of 10.0.0.1/32, such traffic will still match the negate rule since the destination IP does not match the VIP.

Actions
Copy link
 #2

Updated by Chris W over 2 years ago

  • % Done changed from 0 to 50
Actions
Copy link
 #3

Updated by Jim Pingle over 2 years ago

  • Status changed from New to Pull Request Review
Actions
Copy link
 #4

Updated by Jim Pingle over 2 years ago

  • Status changed from Pull Request Review to Resolved
  • Assignee set to Jim Pingle
  • % Done changed from 50 to 100

Merged. Also fixed a couple small things I noticed after merging: https://gitlab.netgate.com/docs/pfSense-docs/-/commit/4aef8b77a2802a51880feb93bb27c422d5033013

Actions
Copy link

Also available in: Atom PDF