
[SOLVED] Need help understanding firewall rules


evan:
On my LAN segment, if I create two rules, one which rejects all IN traffic and another which allows all OUT traffic, my outbound traffic is blocked.  If I allow the IN traffic, my outbound traffic works.  Almost like a stateless ACL would work.

I am pretty sure the firewall is stateful so I must be doing something wrong.  I have attached a screenshot if that helps at all.

evan:
Oops.  I figured it out.  I am thinking about IN and OUT backwards because it is LAN interface.

Demusman:
It's the same for every interface, LAN is no different.
IN is traffic coming into the interface from the attached network.
OUT is traffic leaving the interface into the attached network.
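A small model of what evan saw in the first post and what Demusman describes here, added as an illustration and not taken from the thread or from OPNsense's own code. It simulates a stateful filter on a single interface where "in" means a packet arriving at the interface from the attached network and "out" means a packet leaving the interface toward that network, with first-match rules and default deny. The hosts (192.168.1.10 on LAN, 203.0.113.5 as the remote server) and ports are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str     # "pass" or "block"
    direction: str  # "in" or "out", always relative to the interface


class InterfaceFilter:
    """Toy stateful packet filter bound to one interface (think: LAN).

    Directions follow the interface's point of view:
      in  = packet arriving at the interface from the attached network
      out = packet leaving the interface toward the attached network
    Rules are evaluated first-match; anything unmatched is dropped.
    """

    def __init__(self, rules):
        self.rules = list(rules)
        # Each state is the 5-tuple of the packet that created it.
        self.states = set()

    def _state_key(self, pkt):
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)

    def _matches_state(self, pkt):
        forward = self._state_key(pkt)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return forward in self.states or reverse in self.states

    def filter(self, pkt, direction):
        # Stateful part: replies to an allowed flow pass without any rule lookup.
        if self._matches_state(pkt):
            return "pass (state)"
        for rule in self.rules:
            if rule.direction == direction:
                if rule.action == "pass":
                    self.states.add(self._state_key(pkt))
                return rule.action
        return "block (default deny)"


def simulate_lan_client(rules, lan_host="192.168.1.10", remote="203.0.113.5"):
    """Walk one TCP handshake start through the LAN interface.

    Returns (verdict for the client's SYN, verdict for the server's reply);
    the reply verdict is None when the SYN never made it through.
    """
    fw = InterfaceFilter(rules)
    # The client's packet toward the internet ENTERS the LAN interface: direction "in".
    syn = Packet(lan_host, remote, 51000, 443)
    first = fw.filter(syn, "in")
    if not first.startswith("pass"):
        return first, None
    # The server's reply LEAVES the LAN interface toward the client: direction "out".
    syn_ack = Packet(remote, lan_host, 443, 51000)
    return first, fw.filter(syn_ack, "out")


if __name__ == "__main__":
    # evan's original rule set: the client's own packets are what "IN" blocks.
    print(simulate_lan_client([Rule("block", "in"), Rule("pass", "out")]))
    # Allowing IN fixes it, and the reply rides the state table, not the OUT rule.
    print(simulate_lan_client([Rule("pass", "in")]))
```

The second call has no OUT rule at all, yet the reply still passes: that is the stateful behaviour evan expected, and it shows the OUT rule was never what carried his outbound traffic.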

evan:

--- Quote from: Demusman on August 07, 2022, 07:56:18 pm ---It's the same for every interface, LAN is no different.

--- End quote ---

Yes, that is true but it is logically different when comparing to other products.

If I compare it to some traditional firewalls where the directionality isn't related to the interface but the network or the firewall.

In this case, WAN traffic coming from the outside is considered IN and traffic going to the internet is OUT.  In this way, it is the same as opnsense.

In the case of LAN traffic it is typical for traffic coming into the LAN network to be considered IN but opnsense is the opposite.

Basically, I just have to reorient my brain to think about it from the perspective of the interface but I have been working with firewalls for a long time so it is going to take some mental adjustment on my part.

No big deal, all good now.

Greelan:
There's nice help text on the Direction setting to assist with reminding you :)
