Does port forwarding in opnsense bypass the firewall rules?

Started by mike366, March 19, 2017, 05:25:36 PM

If I have an email server sitting behind an opnsense router, and the opnsense firewall blocks certain countries from access, if I port forward to the email server, are the blocked country IP rules enforced first, so that 'bad' traffic does not make it to the email server?

Thank you.

Services > Intrusion Detection > 'User Defined' (Tab) >

GeoIP/Country
United States (not)

GeoIP/Direction
Source

Action
Drop

This will drop all traffic from every country other than the U.S. There is still plenty of 'bad' traffic here though, and people elsewhere can also use Tor, a VPN, or a 'zombie' (compromised) host.

Sure, thanks for the info.  At least it sounds like all packets not originating in US will be dropped before the port forward to the email server happens.  I appreciate the pointer on setup.