Run OPNsense as router and firewall at the same time

Started by banym, September 07, 2019, 12:57:02 AM

Hey,

is it possible to run an OPNsense box as router and firewall at the same time? On the one hand, I need to route traffic from one interface to the other without stateful processing.

Would it be enough to define rules with state "none" to turn off stateful processing if the rule hits?
I know it is possible to turn off pf completely, but that would mean I could not even protect the box itself?

To add some more background, the box is doing BGP and forwards traffic to other routers. This traffic does not need filtering. In addition to that, I don't want to keep states for the forwarded traffic in my state table. Since the routing to that other router could go asynchronous, stateful rules could block traffic because no states for the connection are there. This is not what I want for that connection.

On other interfaces or rules, the box should be able to filter.

Regards,

Dominik
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de

You will also need rules for the response packets as well but then it should work (There are still some default rules).

September 07, 2019, 11:53:58 AM #2 Last Edit: September 08, 2019, 10:43:55 AM by banym
Yeah, I have rules with state none defined in both directions.
I will let you know how it works and how it performs.

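
The setup discussed in this thread, written out as a raw pf.conf fragment. This is an added example, not a ruleset posted by anyone in the thread and not what the OPNsense GUI generates; the interface names, the peer table and its documentation-range addresses are assumptions.

```pf
# Constructed example: stateless transit forwarding next to stateful filtering.
# All names and addresses below are assumptions, not values from the thread.
transit_a = "ix0"    # assumed: interface towards one BGP peer
transit_b = "ix1"    # assumed: interface towards the other router
lan_if    = "igb0"   # assumed: interface that should still be filtered

table <bgp_peers> { 192.0.2.1, 198.51.100.1 }   # constructed peer addresses

set skip on lo0

# Default deny. Traffic addressed to the box itself is only admitted by
# the explicit stateful rules further down, so the box stays protected.
block log all

# Transit traffic: "no state" is the pf keyword behind the GUI's state type
# "none". A forwarded packet is evaluated inbound on one interface and
# outbound on the other, and with no state entry the reverse direction is
# also matched by rule. Leaving out in/out makes this one rule cover all
# four cases. "! (self)" keeps the box's own traffic out of this rule.
# If LAN traffic also crosses these interfaces, narrow from/to to the
# transit prefixes instead of "! (self)".
pass quick on { $transit_a $transit_b } inet from ! (self) to ! (self) no state

# BGP sessions terminate on the box: keep these stateful (pf's default
# for pass rules), so only the listed peers can reach port 179.
pass in  quick on { $transit_a $transit_b } inet proto tcp \
        from <bgp_peers> to (self) port 179
pass out quick on { $transit_a $transit_b } inet proto tcp \
        from (self) to <bgp_peers> port 179

# LAN side: ordinary stateful filtering; replies are admitted by the
# state created here, so no reverse rule is needed.
pass in quick on $lan_if inet from $lan_if:network to any
```

With rules like these loaded, `pfctl -ss` should list states for the BGP sessions and LAN connections but none for the forwarded transit flows.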