
Firewall Rules Tips and Tricks

Allowing Only Outbound Internet Traffic

Create an alias in pfSense that includes the RFC1918 private address space.

Create a Pass firewall rule with the Destination set to Invert match and the RFC1918 alias selected.

With this setup, Source traffic that is NOT (!) destined for a private IP address (RFC1918) is allowed to pass through. Non-private IP addresses make up the wider public internet.

Instead of having two rules, one Deny Private IP and one Pass below it, this single rule simplifies the firewall rule set.
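
The matching logic of the inverted rule, modelled in Python as an added example (it is not pfSense code or configuration from this page). It assumes first-match rule evaluation with a default deny for unmatched traffic; the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# Contents of the RFC1918 alias: the three private ranges from RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_alias(dst, alias=RFC1918):
    """True when the destination address falls inside any alias network."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in alias)

def evaluate(rules, dst):
    """First matching rule wins; traffic no rule matches is blocked."""
    for action, matches in rules:
        if matches(dst):
            return action
    return "block"  # default deny

# Single rule: Pass, Destination = Invert match (!) RFC1918.
SINGLE_RULE = [("pass", lambda dst: not in_alias(dst))]

# The two-rule set it replaces: Deny Private IP, then Pass below it.
TWO_RULES = [
    ("block", in_alias),
    ("pass", lambda dst: True),
]

# Constructed destinations, including addresses just outside each range.
SAMPLES = ["10.1.2.3", "172.16.0.1", "172.31.255.254", "172.32.0.1",
           "192.168.1.1", "192.169.0.1", "1.1.1.1", "8.8.8.8"]

def compare(samples=SAMPLES):
    """Map each destination to (single-rule verdict, two-rule verdict)."""
    return {dst: (evaluate(SINGLE_RULE, dst), evaluate(TWO_RULES, dst))
            for dst in samples}

if __name__ == "__main__":
    for dst, (single, double) in compare().items():
        print(f"{dst:16} single={single:5} two-rule={double}")
```

Both rule sets return the same verdict for every destination. A destination such as 192.168.1.1 is blocked, so if clients use the firewall's own private address for services like DNS, a separate Pass rule for that traffic has to sit above this one.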