pfSense Firewall Rules for Beginners

Firewall rules are at the core of pfSense and define how traffic is allowed or denied across your network. This guide introduces the basics of creating and managing rules in pfSense for a secure homelab or home network.


Understanding Firewall Rule Basics

  • Default Deny: pfSense blocks all traffic unless explicitly allowed.
  • Rule Direction: Rules on each interface are evaluated top-down against traffic entering that interface.
  • Interface Specific: Rules apply per interface (e.g., LAN, WAN, VLAN).
  • First Match Wins: Only the first matching rule is applied.

Common Rule Types

| Rule Type | Description |
|---|---|
| Allow LAN to WAN | Default rule allowing outbound internet access |
| Block RFC1918 | Prevents private IPs from entering via WAN |
| VLAN Isolation | Blocks traffic between VLANs unless allowed |
| Port Forwarding | Forwards external traffic to internal services |

Example: Basic LAN to WAN Rule

  1. Go to Firewall > Rules > LAN
  2. Click Add to create a new rule
  3. Set the following:
    • Action: Pass
    • Interface: LAN
    • Protocol: Any
    • Source: LAN net
    • Destination: Any
  4. Save and apply changes.

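This allows all LAN clients to access the internet. Because the destination is Any, the same rule also lets LAN clients reach any other network behind the firewall, such as VLANs.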


Example: Block VLAN10 from Accessing LAN

  1. Go to Firewall > Rules > VLAN10
  2. Add a rule:
    • Action: Block
    • Protocol: Any
    • Source: VLAN10 net
    • Destination: LAN net
  3. Move this rule to the top
  4. Save and apply.

This ensures VLAN10 can't access your main LAN.
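
Why step 3 ("Move this rule to the top") matters can be seen in a small model of top-down, first-match evaluation with an implicit default deny. This is an added example, not pfSense code or part of the original guide. The subnets, the "Allow VLAN10 to any" rule and the `evaluate`/`shadowed` helpers are assumptions made for illustration, and the model ignores protocol, ports and state.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for illustration; the guide does not give subnets.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
VLAN10_NET = ipaddress.ip_network("192.168.10.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    description: str

def evaluate(rules, src, dst):
    """Return (action, description) for a packet entering an interface.

    Rules are checked top-down and the first match decides; a packet that
    matches no rule falls through to the implicit default deny.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src_ip in rule.source and dst_ip in rule.destination:
            return rule.action, rule.description
    return "block", "default deny"

def shadowed(rules):
    """Descriptions of rules that can never match because an earlier rule
    already covers their whole source and destination."""
    return [later.description
            for i, later in enumerate(rules)
            if any(later.source.subnet_of(earlier.source)
                   and later.destination.subnet_of(earlier.destination)
                   for earlier in rules[:i])]

block_lan = Rule("block", VLAN10_NET, LAN_NET, "Block VLAN10 to LAN")
# Hypothetical internet-access rule for VLAN10, not part of the guide's steps.
allow_any = Rule("pass", VLAN10_NET, ANY, "Allow VLAN10 to any")

CORRECT_ORDER = [block_lan, allow_any]   # block rule moved to the top
WRONG_ORDER = [allow_any, block_lan]     # block rule hidden behind the pass rule

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(name,
              evaluate(rules, "192.168.10.50", "192.168.1.20"),   # VLAN10 -> LAN
              evaluate(rules, "192.168.10.50", "203.0.113.10"),   # VLAN10 -> internet
              shadowed(rules))
```

With the block rule below the pass rule, VLAN10 traffic to the LAN matches the pass rule first and the block rule is never reached.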


Tips for Managing Rules

  • Use aliases: Group IPs, ports, or networks for easier management.
  • Add logging: Enable logging for critical rules to troubleshoot traffic.
  • Name rules: Add descriptions so you know why a rule exists.
  • Avoid 'Any Any Allow': Too permissive; defeats the purpose of a firewall.

Troubleshooting

  • Check the Firewall Logs: Go to Status > System Logs > Firewall
  • Use Diagnostics > Packet Capture to inspect traffic flow.
  • Review Rule Order: Misplaced rules can unintentionally block or allow traffic.

Summary

pfSense firewall rules are powerful, but must be managed with care. By understanding rule order, direction, and interface behavior, you can secure your homelab without accidentally locking yourself out.