Author Topic: Spamhaus Edrop / drop (Read 5273 times)

Julien · « **on:** April 26, 2018, 03:06:52 pm »

Hi Guys,
i have configured the spamhaus on the LAN side we have like 20 VLANS running. do i really have to create on each VLAN the firewall rule for the outgoing ?
all the VLANS are on the LAN living em0.

we have created the rules on the LAN side but not in the VLANS.

Code: [Select]

https://wiki.opnsense.org/manual/how-tos/edrop.html

mimugmail · « **Reply #1 on:** April 26, 2018, 03:35:22 pm »

You can create a floating rules and select the interfaces ...

Ciprian · « **Reply #2 on:** April 26, 2018, 03:36:21 pm »

For a similar multi subnets config I have created an interface group in firewall and then created the rules for (E)DROP on that group.

It should work

PS Also the "Force redirect external DNS queries to self" rule is created and applied on the same int group

Julien · « **Reply #3 on:** April 27, 2018, 10:01:55 pm »

Both ideas are great.
interface group isnt it the same as floating rules ?
thank you for your answer we do already have 4 floating rules one for accesing the gui and one for the productions networks. on each interface we have to apply this rules in order to have access to the web gui. bonjour service and MultiWAN.( see screenshot)
i have created a new 2 rules for the spamhaus on for both directions on the floating rules see attached screenshot.
is this enought or have to apply them on the vlans as well ?

Ciprian · « **Reply #4 on:** May 16, 2018, 10:24:24 am »

Floating rules are evaluated first and foremost (meaning, before/ on top of the "per interface" rule) so it's not necessary to set them twice.

Hope it helps!
Tschuss!

PS I wasn't around here for a while, sorry the very late answer

Author Topic: Spamhaus Edrop / drop (Read 5273 times)

Julien

Spamhaus Edrop / drop

mimugmail

Re: Spamhaus Edrop / drop

Ciprian

Re: Spamhaus Edrop / drop

Julien

Re: Spamhaus Edrop / drop

Ciprian

Re: Spamhaus Edrop / drop