Security Gateway Manual Netgate-8300
2.7.6 Firewall Rules
By default there are no firewall rules on the new interface, so the firewall will block all traffic on it. This is not ideal for a LAN since, generally speaking, the clients on this LAN will need to contact hosts through the firewall.
Rules for this interface can be found under Firewall > Rules, on the OPTx tab (or the custom name, e.g. GUESTS).
There are two common scenarios administrators typically choose for local interfaces: Open and Isolated.
Open
On an open LAN, hosts in that LAN are free to contact any other host through the firewall. This might be a host on the Internet, across a VPN, or on another local LAN.
In this case a simple “allow all” style rule for the interface will suffice.
• Navigate to Firewall > Rules, on the OPTx tab (or the custom name)
• Click to add a new rule at the top of the list
• Configure the rule as follows:
  Action: Pass
  Interface: OPTx (or the custom name) should already be set by default
  Protocol: Any
  Source: OPTx subnets (or the custom name)
  Destination: Any
  Description: Text describing the rule, e.g. Default allow all from OPTx
• Click Save
• Click Apply Changes
Isolated
In an isolated local network, hosts on the network cannot contact hosts on other networks unless explicitly allowed in the rules. Hosts can still contact the Internet as needed in this example, but that can also be restricted with additional rules.
This scenario is common for locked down networks such as those for IoT devices, a DMZ with public services, untrusted Guest/BYOD networks, and other similar cases.
Warning: A full set of reject rules as described in this example is the best practice. Do not rely on shortcuts such as using policy routing to isolate clients.
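The difference between the Open and Isolated scenarios comes down to rule order: pfSense evaluates interface rules top-down and the first match wins, so a reject rule for the other local networks only works if it sits above the "allow all" rule. The following model, added here as an example and not code from the Netgate manual, evaluates a packet against an ordered rule list the way the firewall does. The subnets (192.168.50.0/24 for OPTx, 192.168.1.0/24 and 10.0.0.0/8 as the other local networks, 203.0.113.5 as an Internet host), the rule lists and the Rule class are all constructed assumptions for the illustration.

```python
"""Model of first-match rule evaluation for the Open and Isolated scenarios.

Example code added alongside the manual text, not the manual's own.
All networks, addresses and rule lists below are constructed assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample networks (assumptions, not values from the manual).
OPTX_NET = ip_network("192.168.50.0/24")        # "OPTx subnets"
LOCAL_NETS = [                                  # other networks behind the firewall
    ip_network("192.168.1.0/24"),               # LAN
    ip_network("10.0.0.0/8"),                   # e.g. a VPN
]


@dataclass
class Rule:
    action: str                               # "pass" or "reject"
    source: list = field(default_factory=list)        # [] means "any"
    destination: list = field(default_factory=list)   # [] means "any"
    description: str = ""


def matches(nets, addr):
    """An empty network list stands for 'any'; otherwise the address must be in one of them."""
    return not nets or any(addr in net for net in nets)


def evaluate(rules, src, dst):
    """Walk the rules top-down and return (action, description) of the first match.

    A packet that matches no rule hits the implicit default deny, modelled as "block".
    """
    src_addr, dst_addr = ip_address(src), ip_address(dst)
    for rule in rules:
        if matches(rule.source, src_addr) and matches(rule.destination, dst_addr):
            return rule.action, rule.description
    return "block", "default deny (no rule matched)"


# Open scenario: the single "allow all" rule from the procedure above.
OPEN_RULES = [
    Rule("pass", [OPTX_NET], [], "Default allow all from OPTx"),
]

# Isolated scenario: reject traffic to the other local networks first,
# then allow everything else (the Internet). The ordering is what isolates.
ISOLATED_RULES = [
    Rule("reject", [OPTX_NET], LOCAL_NETS, "Reject OPTx to local networks"),
    Rule("pass", [OPTX_NET], [], "Allow OPTx to Internet"),
]

# Same two rules in the wrong order: the pass rule shadows the reject rule.
MISORDERED_RULES = list(reversed(ISOLATED_RULES))


if __name__ == "__main__":
    client = "192.168.50.20"
    scenarios = [("open", OPEN_RULES), ("isolated", ISOLATED_RULES), ("misordered", MISORDERED_RULES)]
    for name, rules in scenarios:
        for dst in ("192.168.1.10", "203.0.113.5"):
            action, why = evaluate(rules, client, dst)
            print(f"{name:10} {client} -> {dst:14} {action:6} ({why})")
```

Running the script shows the Open ruleset passing the OPTx client to both the LAN host and the Internet host, the Isolated ruleset rejecting the LAN host while passing the Internet host, and the misordered ruleset passing both, which is the silent failure the rule order protects against. Traffic arriving on OPTx from an address outside its subnet matches no rule and falls through to the default deny.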
© Copyright 2024 Rubicon Communications LLC 67