OPNsense Forum

English Forums => Documentation and Translation => Topic started by: piny on January 03, 2022, 04:05:07 pm

Title: » Firewall » Configure Spamhaus (E)DROP as Floating Rule?
Post by: piny on January 03, 2022, 04:05:07 pm
The section Configure Spamhaus (E)DROP (https://docs.opnsense.org/manual/how-tos/edrop.html#configure-spamhaus-e-drop) describes in detail how to set up the acc. firewall rules.

Wouldn't this also work with one floating rule (per DROP/EDROP) instead of a set of two interface rules for LAN/WAN respectively (per DROP/EDROP)?
If yes, this would be a great example of the use of floating rules, wouldn't it!

UPDATE: Just realized that in the definitions of a floating rule an interface must be selected exactly the same way as in an interface rule.
--> So creating the rule in the interface sections makes it more transparent, probably.
Title: Re: » Firewall » Configure Spamhaus (E)DROP as Floating Rule?
Post by: bimbar on January 03, 2022, 06:40:31 pm
In floating you CAN select an interface, but you don't have to.

Nothing stops you from using an alias (even a dynamic alias like Spamhaus EDROP) anywhere you want to.

I do like to use stuff like that as a substitution for the internet (like allow <internal networks> to !<internal networks, blocked networks>).
Title: Re: » Firewall » Configure Spamhaus (E)DROP as Floating Rule?
Post by: piny on March 26, 2022, 03:19:25 pm
Thanks for clarifying!