OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Julien on April 26, 2018, 03:06:52 pm

Title: Spamhaus Edrop / drop
Post by: Julien on April 26, 2018, 03:06:52 pm
Hi Guys,
I have configured Spamhaus on the LAN side; we have about 20 VLANs running. Do I really have to create the firewall rule for the outgoing traffic on each VLAN?
All the VLANs are on the LAN, living on em0.

We have created the rules on the LAN side but not in the VLANs.

https://wiki.opnsense.org/manual/how-tos/edrop.html
Title: Re: Spamhaus Edrop / drop
Post by: mimugmail on April 26, 2018, 03:35:22 pm
You can create a floating rule and select the interfaces ...
Title: Re: Spamhaus Edrop / drop
Post by: Ciprian on April 26, 2018, 03:36:21 pm
For a similar multi-subnet config I have created an interface group in the firewall and then created the rules for (E)DROP on that group.

It should work.

PS: Also the "Force redirect external DNS queries to self" rule is created and applied on the same interface group.
Title: Re: Spamhaus Edrop / drop
Post by: Julien on April 27, 2018, 10:01:55 pm
Both ideas are great.
Isn't an interface group the same as floating rules?
Thank you for your answer. We already have 4 floating rules, one for accessing the GUI and one for the production networks. On each interface we have to apply these rules in order to have access to the web GUI, the Bonjour service and MultiWAN (see screenshot).
I have created 2 new rules for Spamhaus, one for each direction, in the floating rules; see attached screenshot.
Is this enough, or do I have to apply them on the VLANs as well?
Title: Re: Spamhaus Edrop / drop
Post by: Ciprian on May 16, 2018, 10:24:24 am
Floating rules are evaluated first and foremost (meaning, before / on top of the "per interface" rules), so it's not necessary to set them twice.

Hope it helps!
Tschuss!

PS: I wasn't around here for a while, sorry for the very late answer.