How to configure pfSense firewall rules

Firewall rules in pfSense allow you to control traffic entering or leaving your network. Configuring firewall rules is a crucial part of setting up your pfSense installation.

Here is a simple guide on how to create and manage firewall rules in pfSense:

  1. Access the pfSense Dashboard: Log into your pfSense firewall via your web browser (the default address is usually http://192.168.1.1 unless you’ve changed it). You will be prompted for a username and password. The default credentials are usually ‘admin’ for the username and ‘pfsense’ for the password unless you’ve changed them.
  2. Access Firewall Rules: From the top menu, go to ‘Firewall’ and then select ‘Rules’. Here you’ll see a list of your network interfaces. By default, you should have at least ‘WAN’ and ‘LAN’.
  3. Choose the Interface: Select the tab of the interface where you want to add the rule. If you’re adding a rule for inbound internet traffic, you’d typically select ‘WAN’. For rules that apply to traffic coming from your local network, select ‘LAN’.
  4. Add a New Rule: Click on the ‘Add’ button to create a new rule. This will open the Firewall Rules editor.
  5. Configure the Rule:
    • Action: Choose what the rule should do. ‘Pass’ allows the traffic, ‘Block’ denies the traffic, and ‘Reject’ denies the traffic and sends back an error.
    • Interface: This should be pre-filled based on the tab you selected earlier.
    • Address Family: Choose ‘IPv4’, ‘IPv6’, or ‘IPv4+IPv6’ based on the type of traffic you want to manage.
    • Protocol: Choose the protocol that the rule should apply to (TCP, UDP, ICMP, etc.).
    • Source and Destination: Specify the source and destination of the traffic. This can be any combination of IP addresses, network addresses, or ports. You can also use aliases to group multiple addresses or ports.
    • Log: Check this box if you want to log packets that match this rule.
  6. Save and Apply Changes: Click on ‘Save’ to add the rule, and then click on ‘Apply Changes’. pfSense will apply the rule immediately.

Remember, rules in pfSense are processed from the top down, with the first match being applied. Therefore, more specific rules should be placed above more general ones. Also, there’s an implicit ‘block all’ rule at the end of the list. If no rule matches the traffic, it will be blocked. You don’t see this rule, but it’s there in the background.
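
The ordering behaviour described above, as an added example (not pfSense's own code): a simplified Python model of top-down, first-match evaluation with the implicit 'block all', plus a check that flags rules that can never match because a broader rule sits above them. The Rule fields, function names and sample addresses are assumptions made for illustration, and the model handles IPv4 only.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:                      # simplified model of one rule on an interface tab
    action: str                  # 'pass', 'block' or 'reject'
    proto: str                   # 'tcp', 'udp', 'icmp' or 'any'
    src: str                     # IPv4 CIDR or 'any'
    dst: str                     # IPv4 CIDR or 'any'
    port: Optional[int] = None   # destination port, None = any

def _net(spec):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def matches(rule, proto, src, dst, port):
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(src) in _net(rule.src)
            and ipaddress.ip_address(dst) in _net(rule.dst)
            and rule.port in (None, port))

def evaluate(rules, proto, src, dst, port=None):
    """Top-down, first match wins; return (action, index of deciding rule)."""
    for i, rule in enumerate(rules):
        if matches(rule, proto, src, dst, port):
            return rule.action, i
    return "block", None         # the implicit 'block all' at the end of the list

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (a.proto in ("any", b.proto)
            and _net(b.src).subnet_of(_net(a.src))
            and _net(b.dst).subnet_of(_net(a.dst))
            and a.port in (None, b.port))

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, b in enumerate(rules) if any(covers(a, b) for a in rules[:j])]

# Constructed sample rules for a LAN tab (private and documentation addresses).
ALLOW_LAN = Rule("pass", "any", "192.168.1.0/24", "any")
BLOCK_SMTP = Rule("block", "tcp", "192.168.1.50/32", "any", 25)
GENERAL_FIRST = [ALLOW_LAN, BLOCK_SMTP]    # block rule is shadowed
SPECIFIC_FIRST = [BLOCK_SMTP, ALLOW_LAN]   # intended order

if __name__ == "__main__":
    for name, rules in (("general first", GENERAL_FIRST), ("specific first", SPECIFIC_FIRST)):
        verdict = evaluate(rules, "tcp", "192.168.1.50", "203.0.113.10", 25)
        print(name, verdict, "shadowed:", shadowed(rules))
```

With the general rule on top, the host's port 25 traffic is passed by rule 0 and the block rule is reported as shadowed; with the specific rule on top it is blocked, and traffic that matches no rule falls through to the implicit block.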

For more advanced configuration, pfSense also allows for rules related to traffic shaping, failover, VPN, etc. Be sure to thoroughly test any rules in a controlled manner before applying them to a production network, as incorrect rules can lead to network outages or security vulnerabilities.