OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Wayne Train on November 27, 2017, 01:01:31 pm

Title: Clarification on floating rules ?
Post by: Wayne Train on November 27, 2017, 01:01:31 pm
Hi,

I'm not really sure if I understand the concept of floating rules correctly. OPN has nothing regarding this topic in its documentation, but PF states the following:

1) Filter traffic from the firewall itself
2) Filter traffic in the outbound direction (all other tabs are Inbound processing only)
3) Apply rules to multiple interfaces
4) Apply filtering in a "last match wins" way rather than "first match wins" (quick)
5) Apply traffic shaping to match traffic but not affect its pass/block action

Is this exactly the same for OPN ?
The following things aren't really clear to me:

2) Till now, I filtered my outbound traffic from single VLANs from their interface tab in the rules menu. Is this the wrong approach ? For example: I created some port aliases with what I wanted to be permitted outbound and allowed this with a rule that inverted the RFC1918 to make it match on all destinations, but the private IP-address-range.

4) What should last match mean exactly ? Does it mean that if I would like to block traffic from LAN to 0.0.0.0 and if this rule is followed by a rule that, for example, just blocks traffic from LAN to a specific IP, then this rule will match and not the "block LAN to 0.0.0.0" rule ? Except that this example makes no real sense, for me this concept seems a bit strange.

If someone could clarify this, I would be grateful.

Thanks.
Wayne
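To make the "last match wins" versus "quick" question in point 4 concrete, here is a small simulator of pf's rule-evaluation order. It is an added illustration, not OPNsense or pf code: the rule fields, rule names, the 192.168.1.0/24 LAN and the 203.0.113.10 host are all constructed, and for the demonstration the floating-style ruleset is assumed to have "quick" unset while the interface-style ruleset has it set.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    name: str
    action: str           # "pass" or "block"
    src: str              # CIDR network or "any"
    dst: str              # CIDR network or "any"
    quick: bool = False   # pf 'quick': stop evaluating as soon as this rule matches


def _in_net(addr: str, net: str) -> bool:
    return net == "any" or ip_address(addr) in ip_network(net, strict=False)


def matches(rule: Rule, src: str, dst: str) -> bool:
    return _in_net(src, rule.src) and _in_net(dst, rule.dst)


def evaluate(rules, src, dst, default="block"):
    """Walk the whole ruleset in order.

    Without 'quick', pf keeps going and the LAST matching rule decides the
    packet's fate. A matching rule marked 'quick' ends evaluation at once,
    which is the familiar 'first match wins' behaviour of interface rules.
    Returns (action, name of the deciding rule)."""
    winner = (default, "default")
    for rule in rules:
        if matches(rule, src, dst):
            winner = (rule.action, rule.name)
            if rule.quick:
                break
    return winner


LAN = "192.168.1.0/24"          # constructed LAN network
HOST = "203.0.113.10"           # constructed destination host (TEST-NET-3)

# Constructed ruleset modelled on the question: a broad block followed by a
# narrower rule for one host. Same rules, only the 'quick' flag differs.
FLOATING = [                    # floating-tab style, quick NOT set
    Rule("block-lan-any", "block", LAN, "any"),
    Rule("pass-lan-host", "pass", LAN, HOST + "/32"),
]
INTERFACE = [                   # interface-tab style, quick set
    Rule("block-lan-any", "block", LAN, "any", quick=True),
    Rule("pass-lan-host", "pass", LAN, HOST + "/32", quick=True),
]


def compare(src="192.168.1.5", dst=HOST):
    """Evaluate one LAN-to-host packet under both rulesets."""
    return {
        "floating": evaluate(FLOATING, src, dst),
        "interface": evaluate(INTERFACE, src, dst),
    }


if __name__ == "__main__":
    for style, result in compare().items():
        print(f"{style:10s} -> {result}")
```

With "quick" unset, the later, narrower `pass-lan-host` rule overrides the earlier broad block, so the packet to 203.0.113.10 is passed; with "quick" set on the same two rules, the first matching rule (`block-lan-any`) decides and the packet is blocked. Traffic from the LAN to any other destination is blocked either way, and traffic that matches nothing falls through to the default.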