by exmadscientist 1559 days ago
But don't use these if your configuration is simple enough that you can manually recreate it, on the completely-impossibly-rare chance that pfSense has managed to subtly bork itself and you're switching to OPNsense to get a more reliable device....

I highly recommend implementing the firewall rules from scratch.

Firewall rules tend to acquire "cruft", especially in domestic settings, where you add rules to "fix something" and there is rarely any review of existing rules.

Personally I keep a spreadsheet of the firewall rules I need, including inter-VLAN communication, with source/destination IP/port as well as a link to any article describing why this port needs to be open (like Sonos across VLANs, etc.).

It sounds cumbersome, but it doesn't change frequently, and reimplementing it in a new firewall takes 30-60 minutes.
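An added example, not part of the comment above and not pfSense or OPNsense code: the "spreadsheet of rules I need" treated as a rules-of-record file. The script parses it as CSV, refuses any rule that has no documented reason or a malformed address, renders each row as a pf.conf-style line (first match wins because of `quick`, so the allow rows must come before the block row, exactly as in the spreadsheet), and then diffs that against a constructed dump of the "running" rule set to surface cruft, i.e. rules nobody wrote down. All VLAN names, addresses, ports and URLs are made-up sample data; pfSense and OPNsense manage rules through their own config rather than a hand-written pf.conf, so the rendered text is the review artifact, not something to load directly.

```python
import csv
import io
import ipaddress

# Constructed sample rules-of-record (the spreadsheet exported as CSV).
# Columns: name, action, inbound interface, proto, src, dst, dest port, reason.
RULES_CSV = """\
name,action,iface,proto,src,dst,dport,reason
sonos-control,pass,vlan20,tcp,192.168.20.0/24,192.168.10.50,1400,https://example.invalid/sonos-across-vlans
printer-ipp,pass,vlan20,tcp,192.168.20.0/24,192.168.10.60,631,https://example.invalid/ipp-printing
iot-dns,pass,vlan30,udp,192.168.30.0/24,192.168.1.1,53,https://example.invalid/iot-dns-only
iot-isolate,block,vlan30,any,192.168.30.0/24,any,,https://example.invalid/iot-isolation
"""

# Constructed dump of what the running firewall actually enforces. The
# port-443 line is the kind of "fix something" rule that never got reviewed.
RUNNING_RULES = """\
pass in quick on vlan20 inet proto tcp from 192.168.20.0/24 to 192.168.10.50 port 1400
pass in quick on vlan20 inet proto tcp from 192.168.20.0/24 to 192.168.10.60 port 631
pass in quick on vlan30 inet proto tcp from 192.168.30.0/24 to any port 443
pass in quick on vlan30 inet proto udp from 192.168.30.0/24 to 192.168.1.1 port 53
block in quick on vlan30 inet from 192.168.30.0/24 to any
"""


def parse_rules(text):
    """Load the rules of record, rejecting rows that would not survive a review."""
    rules = []
    for row in csv.DictReader(io.StringIO(text)):
        if not row["reason"].startswith("http"):
            raise ValueError(f"{row['name']}: every rule needs a link explaining why it exists")
        if row["action"] not in ("pass", "block"):
            raise ValueError(f"{row['name']}: action must be pass or block")
        for field in ("src", "dst"):
            if row[field] != "any":
                ipaddress.ip_network(row[field], strict=False)  # raises on typos
        if row["dport"] and not 1 <= int(row["dport"]) <= 65535:
            raise ValueError(f"{row['name']}: bad destination port {row['dport']}")
        rules.append(row)
    return rules


def render_pf(rules):
    """Render each row as a pf.conf-style rule, in spreadsheet order.

    Rules are evaluated inbound on the source VLAN's interface; `quick`
    makes the first match win, so ordering is part of the policy.
    """
    lines = []
    for r in rules:
        parts = [r["action"], "in", "quick", "on", r["iface"], "inet"]
        if r["proto"] != "any":
            parts += ["proto", r["proto"]]
        parts += ["from", r["src"], "to", r["dst"]]
        if r["dport"]:
            parts += ["port", r["dport"]]
        lines.append(" ".join(parts) + f"  # {r['name']}: {r['reason']}")
    return lines


def find_cruft(rendered, running_text):
    """Compare the documented rule set against the running one.

    Returns (undocumented, missing): running rules with no row in the
    spreadsheet, and documented rules the firewall does not enforce.
    """
    expected = [line.split("  #")[0] for line in rendered]
    running = [line for line in running_text.splitlines() if line.strip()]
    undocumented = [line for line in running if line not in set(expected)]
    missing = [line for line in expected if line not in set(running)]
    return undocumented, missing


if __name__ == "__main__":
    rendered = render_pf(parse_rules(RULES_CSV))
    print("\n".join(rendered))
    undocumented, missing = find_cruft(rendered, RUNNING_RULES)
    for line in undocumented:
        print("UNDOCUMENTED (cruft?):", line)
    for line in missing:
        print("MISSING from firewall:", line)
```

Running it flags the `port 443` rule on vlan30 as undocumented and reports nothing missing, which is the review the comment says rarely happens. The same rendered text is also the checklist for re-entering rules by hand in a fresh OPNsense install.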