Topic: When should I block inbound?

wgstarks (Jr. Member)
When should I block inbound?
« on: December 23, 2017, 12:47:30 pm »
I’ve just recently installed pfSense and pfblockerng and this is all a little outside my expertise.

Most of the guides I’ve read have recommended using “deny both”, but with the default blocking of all inbound traffic I can see that “deny outbound” would probably make more sense.

When and why would I ever need to deny inbound traffic? I’m sure there is a reason why this option was included.
pfSense v2.4.3
Box: Minisys IBOX-501 N10E
CPU: Intel Atom E3845
NIC: Intel WG82583 1000M x 4
RAM: 8GB

BBcan177 (Moderator)
Re: When should I block inbound?
« Reply #1 on: December 26, 2017, 07:27:12 pm »
You only need to add rules to the Inbound, if you have any open WAN ports that you would like to filter on.
"Experience is something you don't get until just after you need it."

 | http://pfblockerng.com | Twitter @BBcan177  | #pfBlockerNG |

cyberzeus (Newbie)
Re: When should I block inbound?
« Reply #2 on: January 03, 2018, 05:00:07 pm »
Quote from BBcan177:
    You only need to add rules to the Inbound, if you have any open WAN ports that you would like to filter on.

To add to this, I think most guides say to use Deny Both because while you may start out with the default case of all unsolicited inbound WAN traffic being blocked, as soon as a single port is open for service, the game is afoot.  So, if you start out with Deny Both, then at least you're covered if something changes on the WAN and you forget to change your pfB protection.

Personally, I use Floating for my pfB lists and have them attached to both WAN/LAN...

BBcan177 (Moderator)
Re: When should I block inbound?
« Reply #3 on: January 05, 2018, 09:04:21 am »

Keep in mind that adding rules to the WAN when there are no open ports is wasting processing power of the box and slowing down queries, as each inbound packet will go through each table unnecessarily. You're also going to fill the widget and logs with noise and miss out on the real events that were being blocked, which should be investigated.
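The question both BBcan177 replies turn on is "does this WAN actually have any open ports?", which is something you can check from the live ruleset rather than remember. The script below is an added example written for this thread; it is not code from pfSense, pfBlockerNG or any poster. It parses `pfctl -sr` output and counts user-created "pass in" rules on the WAN, then maps that to the pfBlockerNG list action the replies recommend (Deny Outbound when nothing is open, Deny Both once a port is). Assumptions: the WAN interface is `igb0`, the sample ruleset is constructed here (not captured from a real box), and pfSense's habit of tagging GUI-created rules with a `USER_RULE:` label is used to separate real open ports from the auto-generated DHCP-client pass rule.

```shell
#!/bin/sh
# Added example (not from pfSense/pfBlockerNG): decide whether pfBlockerNG
# inbound (WAN) rules are worth their cost by looking for user-created
# "pass in" rules on the WAN interface in `pfctl -sr` output.
#
# Constructed sample of `pfctl -sr` output; interface names (igb0 = WAN,
# igb1 = LAN) and rule labels are assumptions for illustration.
SAMPLE_RULES='block drop in log inet all label "Default deny rule IPv4"
block drop in log inet6 all label "Default deny rule IPv6"
pass in quick on igb0 inet proto udp from any port = 67 to any port = 68 keep state label "allow dhcp client out WAN"
pass in quick on igb0 reply-to (igb0 203.0.113.1) inet proto tcp from any to 203.0.113.10 port = 443 flags S/SA keep state label "USER_RULE: allow https to web host"
pass in quick on igb1 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
pass out quick on igb0 inet from any to any flags S/SA keep state label "let out anything from firewall host itself"'

# Print user-created inbound pass rules on interface $1, reading a pf
# ruleset from stdin. Auto-generated rules (DHCP client, anti-lockout)
# carry other labels and are ignored, so only GUI-created open ports count.
wan_open_ports() {
    wan="$1"
    grep -E "^pass in .*on ${wan} " | grep -F 'label "USER_RULE:'
}

# Count those rules for interface $1 in the sample ruleset.
# 0 means the default deny already covers inbound on its own.
count_wan_open_ports() {
    printf '%s\n' "$SAMPLE_RULES" | wan_open_ports "$1" | wc -l | tr -d ' '
}

# Map the count to the pfBlockerNG list action discussed in the thread:
# nothing open  -> "deny_outbound" (inbound rules would only add table
#                  lookups and log noise)
# a port open   -> "deny_both" (the open port needs the inbound tables too)
recommend_direction() {
    n=$(count_wan_open_ports "$1")
    if [ "$n" -gt 0 ]; then
        echo "deny_both"
    else
        echo "deny_outbound"
    fi
}

# Stand-alone run against the sample ruleset.
echo "user-created inbound pass rules on igb0: $(count_wan_open_ports igb0)"
echo "pfBlockerNG IPv4 list action for igb0: $(recommend_direction igb0)"
# On a real box, feed the live ruleset instead of the sample:
#   pfctl -sr | wan_open_ports igb0
```

Run it on the firewall itself (the pfSense shell is sh, so nothing beyond POSIX is needed); if the count is non-zero, re-check the pfBlockerNG list action, since that is exactly the "something changed on the WAN and you forgot" case cyberzeus describes.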