Project

General

Profile

Actions

Bug #3819

closed

Firewall Rule Basics documentation dangerously misleading

Added by badon _ over 10 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Rules / NAT
Target version:
-
Start date:
08/20/2014
Due date:
% Done:

0%

Estimated time:
0.01 h
Plus Target Version:
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

On this page:

https://doc.pfsense.org/index.php/Firewall_Rule_Basics

It says:

"The default on all interfaces is to deny traffic, and only what is explicitly allowed via firewall rules will be passed.

Which is misleading without further explanation. It needs to be clarified that the default out-of-the-box configuration of pfSense includes rules that explicitly allow all traffic to pass, so to deny traffic, those rules must be disabled or deleted. This detail is critical in applications where data leaks could be catastrophic, like the use case described here:

https://www.livebusinesschat.com/smf/index.php?topic=5410.0

I could fix this myself, but I don't have a wiki account and I'm not sure how to get one. There are other problems on that page that could benefit from some clarification, but none of them are urgent like this issue is.

Here's a permalink to the page described in this report:

https://doc.pfsense.org/index.php?title=Firewall_Rule_Basics&oldid=5437

Actions

Also available in: Atom PDF