Correction #13428
Closed
Firewall rules clarification
100%
Description
In https://docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html, the following text is, at best, unclear, and at worst, wrong.
In pfSense® software, rules on interface tabs are applied on a per-interface basis, always in the inbound direction on that interface. This means traffic initiated from the LAN is filtered using the LAN interface rules. Traffic initiated from the Internet is filtered with the WAN interface rules.
If rules are applied at ingress, then "traffic initiated from the LAN" is incorrect, and should be something like "traffic sent to the LAN".
The following sentence regarding the Internet is true, because traffic is being sent FROM the Internet TO the WAN interface.
Updated by Jim Pingle over 2 years ago
- Assignee set to Jim Pingle
- Priority changed from Normal to Low
It is correct but could maybe be more clear.
It says "traffic initiated from the LAN". It does NOT say "traffic initiated from the LAN interface". Expanding the acronym, the current phrasing is saying "traffic initiated from the Local Area Network". For it to be incorrect it would have to contain the word "interface", but it is not present nor is it implied.
Updated by Jim Pingle over 2 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Updated by Danilo Zrenjanin over 2 years ago
- Status changed from Feedback to Resolved
It looks good.
I am marking this ticket resolved.