English Forums > Documentation and Translation

» Firewall » Configure Spamhaus (E)DROP as Floating Rule?

(1/1)

piny:
The section Configure Spamhaus (E)DROP(https://docs.opnsense.org/manual/how-tos/edrop.html#configure-spamhaus-e-drop) describes in detail how to setup the acc. firewall rules.

Wouldn't this also work with one floating rule (per DROP/EDROP) instead of a  set of two interface rules for LAN/WAN respectively (per DROP/EDROP)?
If yes this would be a great example of the use of floating rules, wouldn't it!

UPDATE: Just realize that in the definitions of a floating rule an interface must be selected exactly the same way as in an interface rule.
--> So creating the rule in the interface sections make it more transparent. probably.

bimbar:
In floating you CAN select an interface, but you don't have to.

Nothing stops you from using an alias (even a dynamic alias like spamhaus edrop) anywhere you want to.

I do like to use stuff like that as a substitution for the internet (like allow <internal networks> to !<internal networks, blocked networks>).

piny:
Thanks for clarifying!

Navigation

[0] Message Index