Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Basic question about WAN rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: Basic question about WAN rules (Read 2155 times)
Gary7
Jr. Member
Posts: 59
Karma: 6
Basic question about WAN rules
«
on:
April 19, 2019, 06:43:30 pm »
I've recently upgraded my home network from a consumer-grade router to OPNsense. So far, so good. I'm using an APU2D4. I've been a Sys Admin managing servers for years.
Just a really basic question about WAN rules.
Since this is for my home network, there will be nothing inbound from the WAN. Default drop for everything on the WAN.
Is there any down-side for having no additional WAN firewall rules (i.e. spamhaus_drop)?
Do I even need to block private networks and bogon networks since default drop should take care of everything?
I have a Sys Admin mentality of doing everything needed, but don't do tasks that you don't need or duplicated tasks for performance reasons. Is there any benefit for processing any WAN rules when I'm going to default drop anyway?
Now, if I were allowing anything inbound (i.e. inbound VPN or inbound to a DMZ), then WAN rules would be needed.
My LAN side has multiple IP blacklists and URL blocking. I'm going to be adding more in the future. I switched to OPNsense to have blacklists and ad-blocking.
Logged
daigoro
Newbie
Posts: 18
Karma: 1
Re: Basic question about WAN rules
«
Reply #1 on:
April 19, 2019, 08:31:52 pm »
Hi Gary,
if you stay with drop all (default) rule you don't actually need any other inbound rules.
As a net admin, however, I need to remote admin all my firewalls and if there is no VPN at least one rule allowing the firewall remote admin is needed. In this case access can be "shielded" using DNSBLs and IPBLs.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Basic question about WAN rules