-
TIL: @opnsense doesn't easily support a firewall rule of type ALLOW from <one network> to <the Internet>, i.e. to allow outgoing WAN traffic but not automatically to all other networks behind the firewall. With nftables/iptables, you just specify an outgoing interface.
-
A quick look at man.openbsd.org/pf.conf#PACKET_FILTERING makes me unsure whether that is indeed a limitation in PF. Dear lazy Twitter: is there no better way than having an alias with all internal networks and using that as the negated destination for such rules (because that sure is brittle)?
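For reference, an added pf.conf sketch (not from the thread; interface names, prefixes and the guest network are assumptions) contrasting the negated-alias workaround with a rule keyed on the outgoing WAN interface, which is the PF equivalent of the nftables/iptables approach:

```pf
# Added example, not from the thread. All names and prefixes are assumptions.
wan_if   = "em0"
lan_if   = "em1"
guest_if = "em2"
guest_net = "192.168.2.0/24"

# Bind states to the interface they were created on, so a state created by
# the inbound rule on $guest_if cannot let the same packet out on $lan_if.
set state-policy if-bound

block all

# Variant A (the brittle one): every internal prefix must be listed here and
# kept current; a forgotten prefix silently becomes reachable from the guest net.
table <internal_nets> { 192.168.1.0/24, 192.168.2.0/24, 10.0.0.0/8 }
pass in on $guest_if from $guest_net to !<internal_nets>

# Variant B: decide on the outgoing interface instead. Traffic enters on
# $guest_if, but only $wan_if has a matching "pass out" rule, so anything
# destined for $lan_if (or any other internal interface) hits "block all".
pass in  on $guest_if from $guest_net to any
pass out on $wan_if   from $guest_net to any
```

Variant B only needs updating when an interface is added, not when a prefix changes; with the default floating state policy the inbound state would match on the internal interface as well, which is why `set state-policy if-bound` is part of the example.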