Author Topic: Run OPNsense as router and firewall at the same time (Read 2432 times)

banym · « **on:** September 07, 2019, 12:57:02 am »

Hey,

is it possible to run a OPNsense box as router and firewall at the same time. At one hand I need to route traffic from one interface to the other without stateful processing.

Would it be enough to define rules with state "none" to turn of stateful processing if the rule hits?
I know it is possible to turn of pf completely, but that would mean I could not even protect the box itself?

To add some more backround, the box is doing BGP and forwards traffic to other routers. This traffic does not need filtering. In addition to that, I don't want to keep states for the forwarded traffic in my state table. Since the routing to that other router could go asynchronous, stateful rules could block traffic because no states for the connection are there. This is not what I want for that connection.

On other interfaces or rules, the box should be able to filter.

Regards,

Dominik

fabian · « **Reply #1 on:** September 07, 2019, 08:13:15 am »

You will also need rules for the response packets as well but then it should work (There are still some default rules).

banym · « **Reply #2 on:** September 07, 2019, 11:53:58 am »

Yeah I have rules with state none defined in both directions.
I will let you know how it works and how it performs.

Author Topic: Run OPNsense as router and firewall at the same time (Read 2432 times)

banym

Run OPNsense as router and firewall at the same time

fabian

Re: Run OPNsense as router and firewall at the same time

banym

Re: Run OPNsense as router and firewall at the same time