OPNsense Forum

English Forums => General Discussion => Topic started by: Gary7 on April 19, 2019, 06:43:30 pm

Title: Basic question about WAN rules
Post by: Gary7 on April 19, 2019, 06:43:30 pm
I've recently upgraded my home network from a consumer-grade router to OPNsense. So far, so good. I'm using an APU2D4. I've been a Sys Admin managing servers for years.

Just a really basic question about WAN rules.
Since this is for my home network, there will be nothing inbound from the WAN. Default drop for everything on the WAN.
Is there any downside to having no additional WAN firewall rules (i.e. spamhaus_drop)?
Do I even need to block private networks and bogon networks since default drop should take care of everything?

I have a Sys Admin mentality of doing everything needed, but don't do tasks that you don't need or duplicated tasks for performance reasons. Is there any benefit for processing any WAN rules when I'm going to default drop anyway?
Now, if I were allowing anything inbound (i.e. inbound VPN or inbound to a DMZ), then WAN rules would be needed.
My LAN side has multiple IP blacklists and URL blocking. I'm going to be adding more in the future. I switched to OPNsense to have blacklists and ad-blocking.

Title: Re: Basic question about WAN rules
Post by: daigoro on April 19, 2019, 08:31:52 pm
Hi Gary,
If you stay with the drop all (default) rule, you don't actually need any other inbound rules.
As a net admin, however, I need to remote admin all my firewalls and if there is no VPN at least one rule allowing the firewall remote admin is needed. In this case access can be "shielded" using DNSBLs and IPBLs.
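
The point discussed in this thread, as an added example (not written by either poster and not OPNsense code): a simplified first-match rule evaluator showing that block rules placed in front of a default drop change no verdict until a pass rule exists. The addresses, the admin port (443) and the rule labels are constructed, and first-match evaluation is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # source network in CIDR notation
    dport: Optional[int] = None  # None matches any destination port
    label: str = ""

def evaluate(rules, src_ip, dport):
    """Return (action, label) of the first matching rule, else the default drop."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if addr in ipaddress.ip_network(r.src) and r.dport in (None, dport):
            return r.action, r.label
    return "block", "default drop"

# Constructed sample data: RFC 1918 private ranges plus one stand-in
# blocklist entry (TEST-NET-3, used here only as a placeholder).
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
BLOCKLIST = ["203.0.113.0/24"]
ADMIN_PORT = 443  # assumed remote-admin port

BLOCKS = ([Rule("block", n, label="private") for n in PRIVATE]
          + [Rule("block", n, label="blocklist") for n in BLOCKLIST])
ADMIN = Rule("pass", "0.0.0.0/0", ADMIN_PORT, "remote admin")

DEFAULT_ONLY = []                 # no WAN rules at all
WITH_BLOCKS = BLOCKS              # block rules, still nothing allowed in
ADMIN_OPEN = [ADMIN]              # admin allowed from anywhere
ADMIN_SHIELDED = BLOCKS + [ADMIN] # block rules evaluated before the pass

# Constructed inbound probes: (source address, destination port)
PROBES = [("10.1.2.3", 443), ("203.0.113.7", 443),
          ("198.51.100.20", 443), ("198.51.100.20", 22)]

def verdicts(rules):
    """Action taken for each probe, in PROBES order."""
    return [evaluate(rules, ip, port)[0] for ip, port in PROBES]

if __name__ == "__main__":
    for name, rs in [("default only", DEFAULT_ONLY), ("with blocks", WITH_BLOCKS),
                     ("admin open", ADMIN_OPEN), ("admin shielded", ADMIN_SHIELDED)]:
        print(f"{name:15} {verdicts(rs)}")
```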