I have some questions about how to configure the firewall for pfSense. I was reading the pfSense example basic configuration on their website. I was reading their example rules and trying to set them up for my pfSense router, but I just keep blocking all traffic. I think I'm setting up the port configuration incorrectly. For example, one rule is TCP/UDP 53 (DNS) from LAN subnet to Upstream DNS Servers. I went to the LAN tab under the Firewall rules page and created a new rule. I set the Action to Pass, Protocol to TCP/UDP, Source to LAN Net and, under advanced settings, I set the port range from 53 to 53; Destination is Single Host or Alias 8.8.8.8, as I am using the Google DNS, and clicked save. But when I implement this rule and try to visit a website, like google.com, my browser just states "connecting to google.com". Can someone please tell me what I am doing wrong? I think once I can get this rule implemented, I should be okay with the rest. Thanks
If you have deleted the default allow any-to-any rule, you will have to specify all outbound traffic. So you will need a rule to allow ports 80 and 443 for websites, and whatever else for anything else you want to do. Otherwise just make a rule that allows any from LAN to any; the inbound rules will still block everything, so you won't need to worry about people connecting to you.
Unless you have a really specific reason not to, you should probably allow all outbound traffic on the LAN interface. Like this:
Well, I've read that egress filtering is part of the best practices of configuring a firewall. I want to disable the LAN to Any and LAN IPv6 to Any rules. @Dexter_Kane, what you have stated is my problem. Where do I specify ports 80 and 443? Is it in the Source subsection of the Rules configuration page, is it in the Destination subsection of the Rules configuration page, or do I just pick the protocol in the first subsection of the Rules configuration page?
@jhFHP My reason is I am trying to learn how to configure firewalls and lock them down. I don't have access to any other networks to learn or practice on, so I am using my home network. I understand the theory about what needs to be blocked and what the best practices are, but I keep messing up the implementation and have to keep reverting to the default settings to get a working network.
Destination. Pretty much every time it will be Destination. You may also want to open up ports for e-mail too, and whatever else you may need.
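The thread's two points, that the port belongs in the Destination field and that an egress-filtered LAN needs explicit pass rules for each outbound service before the implicit default deny, are easy to see by replaying traffic against a rule table. The script below is an added example written for this thread, not pfSense code or anything the posters provided: it mimics pfSense's first-match-wins evaluation of the rules on an interface tab, with the default deny at the end, and checks a constructed DNS query, an HTTPS connection and an SMTP connection against two constructed rule sets. The LAN subnet (192.168.1.0/24) and the web server address (203.0.113.10, a documentation range) are assumptions chosen for the example; 8.8.8.8 is the upstream resolver from the original post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple, List

# Constructed addresses for this example (assumed; only 8.8.8.8 comes from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
UPSTREAM_DNS = ipaddress.ip_address("8.8.8.8")

PortRange = Optional[Tuple[int, int]]  # None means "any port", as in the GUI default


@dataclass(frozen=True)
class Rule:
    """One row on the pfSense LAN rules tab, reduced to the fields that matter here."""
    action: str          # "pass" or "block"
    proto: str           # "tcp", "udp", "tcp/udp" or "any"
    src: object          # ip_network, ip_address or "any"
    src_port: PortRange  # the 'Source port range' hidden under Advanced
    dst: object
    dst_port: PortRange  # the 'Destination port range'
    descr: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _addr_match(spec, ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    if spec == "any":
        return True
    if isinstance(spec, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
        return addr in spec
    return addr == spec


def _port_match(spec: PortRange, port: int) -> bool:
    return spec is None or spec[0] <= port <= spec[1]


def _proto_match(spec: str, proto: str) -> bool:
    return spec == "any" or proto in spec.split("/")


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule wins; with no match, pfSense's implicit default deny applies."""
    for r in rules:
        if (_proto_match(r.proto, pkt.proto)
                and _addr_match(r.src, pkt.src_ip) and _port_match(r.src_port, pkt.src_port)
                and _addr_match(r.dst, pkt.dst_ip) and _port_match(r.dst_port, pkt.dst_port)):
            return r.action, r.descr
    return "block", "implicit default deny"


# The rule as described in the original post: 53 typed into the *source* port range.
MISCONFIGURED_RULES = [
    Rule("pass", "tcp/udp", LAN_NET, (53, 53), UPSTREAM_DNS, None, "DNS (wrong field)"),
]

# Egress-filtered LAN as the replies describe it: service ports go in the destination field.
EGRESS_RULES = [
    Rule("pass", "tcp/udp", LAN_NET, None, UPSTREAM_DNS, (53, 53), "DNS to upstream resolver"),
    Rule("pass", "tcp", LAN_NET, None, "any", (80, 80), "HTTP"),
    Rule("pass", "tcp", LAN_NET, None, "any", (443, 443), "HTTPS"),
]

# Constructed traffic: clients use a random high source port; only the destination port is fixed.
DNS_QUERY = Packet("udp", "192.168.1.10", 51234, "8.8.8.8", 53)
HTTPS_CONN = Packet("tcp", "192.168.1.10", 51235, "203.0.113.10", 443)
SMTP_CONN = Packet("tcp", "192.168.1.10", 51236, "203.0.113.10", 25)


def decisions(rules: List[Rule]) -> dict:
    """Decision for each sample packet, keyed by a short name; used by the tests below."""
    return {name: evaluate(rules, pkt)[0]
            for name, pkt in (("dns", DNS_QUERY), ("https", HTTPS_CONN), ("smtp", SMTP_CONN))}


if __name__ == "__main__":
    for label, rules in (("misconfigured", MISCONFIGURED_RULES), ("egress", EGRESS_RULES)):
        for name, pkt in (("dns", DNS_QUERY), ("https", HTTPS_CONN), ("smtp", SMTP_CONN)):
            action, why = evaluate(rules, pkt)
            print(f"{label:14} {name:6} -> {action:5} ({why})")
```

With the misconfigured table every packet hits the default deny: the DNS query's source port is 51234, not 53, so the only pass rule never matches, and there is no rule for 443 at all, which is exactly the "connecting to google.com" hang from the first post. With the egress table DNS and HTTPS pass and SMTP is still dropped, which is the point of egress filtering: anything not listed as a destination port on the LAN tab has to be added deliberately.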