OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: mike366 on March 19, 2017, 05:25:36 pm

Title: Does port forwarding in opnsense bypass the firewall rules?
Post by: mike366 on March 19, 2017, 05:25:36 pm
If I have an email server sitting behind an OPNsense router, and the OPNsense firewall blocks certain countries from access, if I port forward to the email server, are the blocked country IP rules enforced first, so that 'bad' traffic does not make it to the email server?

Thank you.
Title: Re: Does port forwarding in opnsense bypass the firewall rules?
Post by: With Wings on March 20, 2017, 05:51:57 am
Services > Intrusion Detection > 'User Defined' (Tab) >

GeoIP/Country
 United States (not)

GeoIP/Direction
 Source

Action
 Drop

This will drop all traffic from every country other than the U.S. There is still plenty of 'bad' traffic here though, and people elsewhere can also use Tor, a VPN, or a 'zombie' (compromised) host.
Title: Re: Does port forwarding in opnsense bypass the firewall rules?
Post by: mike366 on March 20, 2017, 09:19:49 pm
Sure, thanks for the info. At least it sounds like all packets not originating in the US will be dropped before the port forward to the email server happens. I appreciate the pointer on setup.
Title: Re: Does port forwarding in opnsense bypass the firewall rules?
Post by: With Wings on May 10, 2017, 07:26:25 pm
Just to clarify, yes, the traffic will be dropped.