Firewall rule direction question

[Blade3]

Hi guys,

Using opnsense and it works well. Bit of a basic question, but I am confused by rule direction (in/out).

For example, I have a server behind my lan interface which I want to be able to ping a server behidn my DMZ interface. For this, what would the rule configuration be in terms of direction? As traffic goes LAN > Firewall > DMZ, I always assumed inbound for DMZ.

Thanks

[Greelan]

No, inbound on LAN

Traffic direction is explained in the OPNsense docs, and also in the help text for the direction option in the firewall rule config:

Code: [Select]

Direction of the traffic. Traffic IN is coming into the firewall interface, while traffic OUT is going out of the firewall interface. In visual terms: [Source] -> IN -> [Firewall] -> OUT -> [Destination]. The default policy is to filter inbound traffic, which means the policy applies to the interface on which the traffic is originally received by the firewall from the source. This is more efficient from a traffic processing perspective. In most cases, the default policy will be the most appropriate.