Project

General

Profile

Feature #588

pfSense DMZ Trap Door Rule

Added by Daniel Curtis over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
High
Assignee:
Daniel Curtis
Category:
Firewall/Router
Target version:
pfSense 2.2
Start date:
03/31/2015
Due date:
% Done:

100%

Estimated time:
0.50 h
Spent time:
1.50 h

Description

One of the rules I need for my firewall is to allow established connections from my LAN to my DMZ, but block any newly created connection from my DMZ to my LAN. This is to prevent any potential compromise of my DMZ from spilling over into my LAN.

  • Luckily pfSense can handle this with a simple rule. Start by going to Firewall -> Rules and then select the DMZ tab.
  • Next create a new rule by clicking on [+] and use the following settings.
    • Action: Block
    • Interface: DMZ
    • Protocol: TCP/UDP
    • Source: DMZ net
    • Destination: LAN net
    • Destination Port Range: Any
    • TCP Flags Set: SYN[X]
    • TCP Flags Out Of: SYN[X] ACK[X]
#1

Updated by Daniel Curtis over 9 years ago

  • Subject changed from DMZ Trap Door Rule to pfSense DMZ Trap Door Rule
#2

Updated by Daniel Curtis over 9 years ago

  • Description updated (diff)
  • % Done changed from 0 to 50
#3

Updated by Daniel Curtis over 9 years ago

  • Description updated (diff)
#4

Updated by Daniel Curtis over 9 years ago

  • Status changed from New to Resolved
  • % Done changed from 50 to 100
#5

Updated by Daniel Curtis over 9 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF