Bug #3819: Firewall Rule Basics documentation dangerously misleading - pfSense - pfSense bugtracker

Actions

Copy link

Bug #3819

closed

Firewall Rule Basics documentation dangerously misleading

Added by badon _ over 9 years ago. Updated about 2 years ago.

Status:

Resolved

Priority:

High

Assignee:

Category:

Rules / NAT

Target version:

Start date:

08/20/2014

Due date:

% Done:

Estimated time:

0.01 h

Plus Target Version:

Release Notes:

Default

Affected Version:

Affected Architecture:

Description

On this page:

https://doc.pfsense.org/index.php/Firewall_Rule_Basics

It says:

"The default on all interfaces is to deny traffic, and only what is explicitly allowed via firewall rules will be passed.

Which is misleading without further explanation. It needs to be clarified that the default out-of-the-box configuration of pfSense includes rules that explicitly allow all traffic to pass, so to deny traffic, those rules must be disabled or deleted. This detail is critical in applications where data leaks could be catastrophic, like the use case described here:

https://www.livebusinesschat.com/smf/index.php?topic=5410.0

I could fix this myself, but I don't have a wiki account and I'm not sure how to get one. There are other problems on that page that could benefit from some clarification, but none of them are urgent like this issue is.

Here's a permalink to the page described in this report:

https://doc.pfsense.org/index.php?title=Firewall_Rule_Basics&oldid=5437

Actions

Copy link

Updated by Chris Buechler over 9 years ago

Status changed from New to Resolved

You were reading it wrong, it didn't claim no traffic would be passed, it stated traffic not matching any firewall rules is blocked. I edited to clarify.

Actions

Copy link