OPNsense Forum » Archive » 22.1 Legacy Series » Question about multiple port alias and firewall rules
Topic: Question about multiple port alias and firewall rules (Read 4599 times)
vincent0 (Newbie, Posts: 1, Karma: 0), February 19, 2022, 09:35:11 pm
Hi there,
I have a question about a multiple port alias and firewall rule. Here is an example:
- I want to open a DMZ HTTP proxy server using IPv6 to the public WAN
- So I need to open HTTP (80) and HTTPS (443)
To do this:
- I create an alias for the proxy server IPv6
- I create a multiple port alias for HTTP and HTTPS
- I create a rule on the WAN interface allowing incoming connections on IPv6 to the proxy server, using the IPv6 alias for destination and the multiple port alias to allow both HTTP and HTTPS in the same rule
--> This only allows HTTP (because it is the first port in the multiple port alias).
To have HTTPS working, I need to create a second rule with only HTTPS, and leave only HTTP in the first rule.
And I don't want to allow a range from 80 to 443, only 80 and 443.
Is a multiple port rule allowed in OPNsense? If yes, how to do this? According to the web interface, only one port is allowed in destination port (or a port range, but not a multiple port alias, or this is not working).
It seems to be possible in pfSense to use multiple port aliases.
Many thanks
Saarbremer (Sr. Member, Posts: 353, Karma: 14), Reply #1, February 21, 2022, 05:50:01 pm
When you unfold the "Automatically generated rules" on the LAN rules page you'll see that the "anti-lockout rule" uses 3 different ports, and it will work, as you can see when clicking "inspect". It will show you some passed bytes and packets.
Did you enable logging for the rules and check with protocol view what actually happened?