You may want to create a rule at the top to prevent locking yourself out - something along the lines of any TCP connection on the LAN to the interface IP/Port. From there you could play around with all the rules you want.
Yesterday locked myself out of my PFSense box configuring the ports on it.
I'd be interested in it. I'm looking to start a move away from DD-WRT. I just have too much networking tied into a single box that isn't easily swapped out if it goes down. Plus I wouldn't mind faster SSH/VPN access via a more powerful CPU.
Might move this thread over to a blog and write a DIY with pictures on setting up the PFSense firewall with the 6 NICs.
Don't have to actually create one. You can just select the "auto-lock out" option.
video321 said: You may want to create a rule at the top to prevent locking yourself out - something along the lines of any TCP connection on the LAN to the interface IP/Port. From there you could play around with all the rules you want.
pete_c said: For example dropping secondary firewalls layered inside of my network or just boxes that I want to open up to the internet in general.
Curious about the methodology of doing this with PFSense. Have two questions:
1 - should I create a 1 to 1 NAT first?
2 - firewall rule which allows all incoming traffic on the WAN link to one IP on one LAN link/IP?