Messages

1

23.7 Legacy Series / Re: WAN outbound rules and "let out anything from firewall host itself"

« on: October 20, 2023, 05:49:25 pm »

I tried to lock firewall itself and allow only selected traffic (like updates) while allowing connected devices on a different VLANS which have IN rules in place allowing them to connect to internet to still connect to the internet.

I assumed that its better and more secure to have tailored OUT rules instead of let anything OUT ?

2

23.7 Legacy Series / WAN outbound rules and "let out anything from firewall host itself"

« on: October 17, 2023, 07:07:40 pm »

Hi

Im having hard time trying to figure out " let out anything from firewall host itself" default rule and WAN outbound rules.
Whenever default rule is in place everything works fine, but my goal was to block anything leaving firewall and just allow manually ports and services that can communicate out.

I commented out a default "let out anything" rule in a filter.lib.inc file and it worked as expected no access to outside world, but then when i added a floating quick WAN allow anything out rule, exactly the same as default i still can't access anything. Doesn't matter if i put a rule inside a WAN or in a floating section, even tho the rule is exactly the same as filter.lib.inc auto rule it doesnt' work if i add it manually, i had to uncomment filter.lib.inc rule in order to get back online.

I also tried putting quick WAN block anything out rule, since the auto rule is normal not quick. It did blocked access to outside world, but then again even if i put WAN floating allow out rules on top of the list, before the block one i can't get internet access.

For a record i just learning/playing around with opnsense so it's nothing critical and i know that OUT rules are rarely used, i just wanted to play a litle bit with it to understand it better but i can't figure out what i am doing wrong, and spent most of the day googling and still haven't found a explanation why does it work this way.