Feature #588: pfSense DMZ Trap Door Rule - FreeBSD Administration - ALT Project Management

Feature #588

pfSense DMZ Trap Door Rule

Added by Daniel Curtis about 9 years ago. Updated about 9 years ago.

Status:

Closed

Priority:

High

Assignee:

Daniel Curtis

Category:

Firewall/Router

Target version:

pfSense 2.2

Start date:

03/31/2015

Due date:

% Done:

100%

Estimated time:

0.50 h

Spent time:

1.50 h

Description

One of the rules I need for my firewall is to allow established connections from my LAN to my DMZ, but block any newly created connection from my DMZ to my LAN. This is to prevent any potential compromise of my DMZ from spilling over into my LAN.

Luckily pfSense can handle this with a simple rule. Start by going to Firewall -> Rules and then select the DMZ tab.

Next create a new rule by clicking on [+] and use the following settings.
- Action: Block
- Interface: DMZ
- Protocol: TCP/UDP
- Source: DMZ net
- Destination: LAN net
- Destination Port Range: Any
- TCP Flags Set: SYN[X]
- TCP Flags Out Of: SYN[X] ACK[X]

History
Property changes
Spent time

Also available in: Atom PDF

Project

General

Profile

GNet Solutions » FreeBSD Administration

Feature #588

pfSense DMZ Trap Door Rule

Updated by Daniel Curtis about 9 years ago

Updated by Daniel Curtis about 9 years ago

Updated by Daniel Curtis about 9 years ago

Updated by Daniel Curtis about 9 years ago

Updated by Daniel Curtis about 9 years ago