
Topic: Asterisk vs explicit net in source field


joelones (Jr. Member, Posts: 66)
Asterisk vs explicit net in source field
« on: February 02, 2018, 06:14:06 pm »
I'm trying to understand the significance and difference of having an asterisk vs the specific network in the source field for a firewall rule under a specific interface.

To be more clear, in the screenshot, I'm currently in the VLAN10 tab set of rules. One rule explicitly has VLAN10 as a source and another as an asterisk. But since I'm under the VLAN10 tab and because rules are relative to the interface (incoming) does "*" mean the same as "VLAN10"? When would you use either?

Derelict (Global Moderator, Hero Member, Posts: 9817)
Re: Asterisk vs explicit net in source field
« Reply #1 on: February 02, 2018, 08:51:56 pm »
LAN net is the subnet of the LAN interface. So if you have LAN numbered as 192.168.1.1/24, LAN net is 192.168.1.0/24.

* is any, meaning any source address will match that rule.

Most prefer to use LAN net because there is no reason to allow traffic in that should not be coming in.

Unless there is a reason such traffic should be allowed in such as a downstream router with subnets other than 192.168.1.0/24 behind it.

I don't see anything wrong with that any-block rule there.
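The point of the reply above (an interface-net source only admits packets whose source address lies in that interface's subnet, "*" admits any source, and the one common reason to widen the source is a downstream router with other subnets behind it) can be made concrete with a small first-match rule evaluator. This is an added example, not code from the forum post or from pfSense itself; the interface names, addresses and rule sets are constructed for illustration, and "VLAN10 net" is resolved here the way the reply describes "LAN net" (the configured interface subnet).

```python
"""Added example (not from the forum post or pfSense): a toy first-match
rule evaluator showing how a source of "VLAN10 net" differs from "*" (any)
for rules on the VLAN10 interface tab. All addresses, interface names and
rule sets below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

# Constructed interface table: interface name -> its configured address/prefix.
# "<IF> net" in a rule resolves to that interface's subnet, e.g. VLAN10
# numbered 192.168.10.1/24 gives VLAN10 net = 192.168.10.0/24.
INTERFACES = {
    "VLAN10": ipaddress.ip_interface("192.168.10.1/24"),
    "LAN": ipaddress.ip_interface("192.168.1.1/24"),
}


@dataclass(frozen=True)
class Rule:
    action: str      # "pass" or "block"
    interface: str   # tab the rule lives on; it sees traffic arriving inbound there
    source: str      # "*" (any), "<IF> net", or an explicit CIDR
    comment: str = ""


def interface_net(name):
    """Subnet of a configured interface (what '<IF> net' expands to)."""
    return INTERFACES[name].network


def source_matches(rule, src):
    if rule.source == "*":
        return True                      # any source address matches
    if rule.source.endswith(" net"):
        net = interface_net(rule.source[:-4])
    else:
        net = ipaddress.ip_network(rule.source, strict=False)
    return src in net


def evaluate(rules, ingress_if, src_ip, default="block"):
    """First matching rule on the ingress interface wins; anything unmatched
    falls through to the implicit default deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.interface == ingress_if and source_matches(rule, src):
            return rule.action, rule.comment
    return default, "implicit default deny"


# Constructed rule sets for the VLAN10 tab.
STRICT = [Rule("pass", "VLAN10", "VLAN10 net", "only the local subnet")]
PERMISSIVE = [Rule("pass", "VLAN10", "*", "any source at all")]
# Downstream-router case: a second subnet 10.20.0.0/24 sits behind a router
# on VLAN10, so its packets arrive on VLAN10 carrying a non-local source.
DOWNSTREAM = [
    Rule("pass", "VLAN10", "VLAN10 net", "local subnet"),
    Rule("pass", "VLAN10", "10.20.0.0/24", "subnet behind downstream router"),
]


def compare(src_ip):
    """Decision of each rule set for a packet arriving inbound on VLAN10."""
    return {
        "strict": evaluate(STRICT, "VLAN10", src_ip)[0],
        "permissive": evaluate(PERMISSIVE, "VLAN10", src_ip)[0],
        "downstream": evaluate(DOWNSTREAM, "VLAN10", src_ip)[0],
    }


if __name__ == "__main__":
    # A local host, a host behind the downstream router, and an unrelated source.
    for ip in ("192.168.10.50", "10.20.0.7", "203.0.113.9"):
        print(ip, compare(ip))
```

The third sample address shows the practical difference: with "*" it passes on VLAN10 even though nothing on that interface should legitimately carry it, while the strict and downstream rule sets both drop it. Listing the downstream subnet explicitly, as the third rule set does, keeps the source restriction in place while still admitting the one extra network that is known to sit behind the router.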