Firewall Rules Tips and Tricks
Allowing Only Outbound Internet Traffic
Create an alias in pfSense that includes the RFC1918 private address space:
Create a Pass firewall rule with the Destination set to Invert match and the RFC1918 alias selected.
With this rule, traffic from the Source that is NOT (!) destined for a private IP address (RFC1918) is allowed to pass through. Non-private IP addresses are the wider public internet.
Instead of having two rules, one Deny Private IP and one Pass below it, this single rule simplifies the firewall rule set.
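The following is an added example, not part of the original page or of pfSense itself: a small first-match rule evaluator that checks the single inverted rule against the two-rule layout it replaces. The rule tuples, function names and sample destinations are constructed for illustration, and the model assumes first-match evaluation with a default deny when nothing matches.

```python
import ipaddress

# RFC 1918 private address space (the contents of the alias).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_alias(dst, alias):
    """True if the destination address falls inside any network of the alias."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in alias)

def evaluate(rules, dst):
    """First matching rule wins; no match falls through to default deny."""
    for action, alias, invert in rules:
        matched = True if alias is None else in_alias(dst, alias)
        if invert:
            matched = not matched
        if matched:
            return action
    return "block"

# Single rule from the text: Pass, Destination = Invert match + RFC1918.
SINGLE_RULE = [("pass", RFC1918, True)]

# Two-rule layout it replaces: block private destinations, then pass any.
TWO_RULES = [("block", RFC1918, False), ("pass", None, False)]

# Constructed sample destinations, including range boundaries.
SAMPLES = ["10.1.2.3", "172.16.0.1", "172.31.255.254", "172.32.0.1",
           "192.168.1.1", "192.169.0.1", "8.8.8.8",
           "100.64.0.1", "169.254.10.10"]

def compare(samples=SAMPLES):
    """Return {destination: (single-rule verdict, two-rule verdict)}."""
    return {dst: (evaluate(SINGLE_RULE, dst), evaluate(TWO_RULES, dst))
            for dst in samples}

if __name__ == "__main__":
    for dst, (single, two) in compare().items():
        print(f"{dst:16} single={single:5} two-rule={two}")
```

Destinations such as 100.64.0.1 (carrier-grade NAT space) and 169.254.10.10 (link-local) are not in RFC1918, so the inverted rule passes them; add those ranges to the alias if they should not be reachable.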