Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
grouping host names and protocols for firewall rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: grouping host names and protocols for firewall rules (Read 2668 times)
bongo
Jr. Member
Posts: 96
Karma: 3
grouping host names and protocols for firewall rules
«
on:
September 28, 2020, 02:18:40 pm »
i'm actually trying to migrate my network from a kerio based solution to opnsense.
so far, it looks like things that were quite easy with kerio are much more complicated to do with opnsense, but probably, i just have not yet understood how to do this with opnsense. so this is what i already did / would like to do:
i configured the v4 dhcp in a way that all about 50 devices, connected (and actually allowed) on the first lan network get their reserved, static ip address. so in the dhcp config, i have the fixed association between mac address, ip address and hostname.
for configuration of the firewall, there is always a group of hosts allowed to use some protocols. while most of them need dns, http and https, there are some hosts which also need to be allowed to do ftp or have some other ports open for telephony or allow to use other services.
so my setup is expected to have a last rule at the very bottom, blocking everything that has not explictely been allowed by one of the rules above. then above, i allow all that is required...
i expected to be able to build groups of hosts and groups of services/ports, to then be able to only have a few rules defined like:
lan_source_group_A is allowed to use service_group_A to acess all destinations on the wan interface.
so i thought to be able to use the host names defined in the dhcp to form the source groups by using an alias. but unfortunately, i was not able to do so.
is it really so that i first have to configure an alias for each one of the hosts, already defined in the dhcp, to also associate the host name to the ip address already configured in dhcp, to be used in the firewall section?
so if yes, i first have to do my 50 aliases, to associate host name and ip, to handle the hosts by name instead of ip address in the firewall. right?
then in a second step, i have to do an assignment for each source group, to be used, to group the hosts to the appropriate group. right?
and then, i can define the rules, using the source groups defined before, in the source field of the rule.
but do i really have to configure a separate rule for each protocol to be used, or is it possible to also group the protocols, i.e. define a goup "standard_protocols" containing e.g. http, https, dns, ftp or a group "telephony" containng all ports to be opened for doing ip telephony?
i was used to be able to insert lists in each field of a rule (source, destination, protocol,...) while using kerio, and now i really wonder why this is not possible with much newer opnsense solution...but probably, i just misunderstood something.
so please help!!
thank you very much!!
Logged
immto
Newbie
Posts: 7
Karma: 0
Re: grouping host names and protocols for firewall rules
«
Reply #1 on:
December 20, 2020, 06:03:49 am »
I agree, it would be nice to create an alias to group protocols
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: grouping host names and protocols for firewall rules
«
Reply #2 on:
December 20, 2020, 07:11:07 am »
I always name them by direction, like:
LAN_WAN_tcp
PRINTERS_CLIENTS_tcpudp
WAN_DMZ_udp
...
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
grouping host names and protocols for firewall rules