Posts in the series "pfSense and e-mail traffic from the internal network"
- pfSense: blocking e-mail traffic (spammers) from the internal network
- pfSense: allowing outgoing e-mail to external providers
Following the previous text on blocking SMTP access from clients on the internal network using pfSense, today we will see how to allow access to SMTP and other services for a specific external provider. Blocking SMTP traffic to the outside world is an effective measure to avoid problems, but on the other hand we have legitimate clients on our network who need to access their accounts. So we need to create rules that selectively allow the traffic.
The principle is the same, but this time we will get to know pfSense aliases, which make it easier to manage the networks, protocols and clients we work with. To create an alias, go to the pfSense menu "Firewall" -> "Alias". On the "Alias" screen (Figure 1), click the icon with the plus (+) symbol in the upper right corner of the screen to add a new alias. We can create aliases for networks, hosts or ports, and each alias should contain one or more IPs or ports. The great advantage of an alias is that if an internal IP or the port of a service changes, for example, there is no need to touch any firewall rule; just change the alias. For those who manage firewalls with hundreds of rules, that is crucial.
In our example we will create an alias for Gmail SMTP, which has two IPs working in a load-balanced way. On the alias creation screen (Figure 2), fill in the following fields: Name = SMTP_GOOGLE (must be unique and contain only characters and numbers), Description = smtp.gmail.com (this description is not mandatory), Type = Host(s), and the IPs. To add more IPs and their descriptions, simply click the button with the plus (+) symbol in the lower left corner of the screen (see Figure 2). Then save the alias by clicking "Save". The changes must be applied before they take effect: just click "Apply changes", which automatically appears in a box at the top of the list of aliases. We now have our alias for Gmail SMTP; if Google changes or adds IPs in the future, we only need to change the alias.
We will now create the rule that allows traffic to Gmail. Go to the menu "Firewall" -> "Rules" and click the LAN tab, since we want to add a rule that allows traffic from our internal network to Gmail. On the LAN rules screen, click the icon with the plus (+) symbol in the upper right corner of the screen (add new rule). On the next screen (Figure 3), edit the new rule by filling in the following fields: Action = Pass (default), Destination (Type: Single host or alias) = SMTP_GOOGLE, Destination port range (from: any, to: any) and Description = -> Gmail. This last field is only a description and can be any descriptive text. The other fields keep their default values; it is not necessary to change them. When ready, click "Save" to save the rule. Once the rule is stored, the changes must be applied before it takes effect. To apply the changes (reload the rules), just click "Apply changes", which automatically appears in a box at the top of the list of rules. Just as with blocking standard SMTP, you can block or allow other protocols/ports using the same steps explained here, with the necessary adjustments.
It is important to note that firewall rules are applied from top to bottom (the rule that appears at the top of the list has priority over the second rule, and so on). To change the position of a rule, use the arrow button (<=) in front of the rule, which moves the rule up; once the changes are applied, the new order takes effect.
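The top-to-bottom evaluation and the alias indirection described above, modelled as an added example (not part of the original post and not pfSense code). The rule fields, the documentation-range IPs standing in for the provider's addresses, and the SMTP block and default-allow rules below the Gmail rule are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation-range IPs (192.0.2.0/24) stand in for
# the provider's real addresses, which the post does not list.
ALIASES = {"SMTP_GOOGLE": ["192.0.2.10", "192.0.2.11"]}

# LAN rules in list order: the pass rule for the alias sits above the SMTP
# block (assumed here to be a block on TCP port 25) and a default allow rule.
RULES = [
    {"action": "pass", "dst": "SMTP_GOOGLE", "port": "any", "descr": "-> Gmail"},
    {"action": "block", "dst": "any", "port": 25, "descr": "block outbound SMTP"},
    {"action": "pass", "dst": "any", "port": "any", "descr": "default allow LAN"},
]


def dst_matches(rule_dst, ip, aliases):
    """True if ip is covered by 'any', by an alias member, or by a literal host."""
    if rule_dst == "any":
        return True
    members = aliases.get(rule_dst, [rule_dst])
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(m, strict=False) for m in members)


def evaluate(rules, aliases, dst_ip, dst_port):
    """Return (action, descr) of the first matching rule; nothing matched = block."""
    for rule in rules:
        if dst_matches(rule["dst"], dst_ip, aliases) and rule["port"] in ("any", dst_port):
            return rule["action"], rule["descr"]
    return "block", "implicit default deny"


if __name__ == "__main__":
    # Provider address on port 25: passes, because the alias rule comes first.
    print(evaluate(RULES, ALIASES, "192.0.2.10", 25))
    # Any other SMTP server: falls through to the block rule.
    print(evaluate(RULES, ALIASES, "198.51.100.7", 25))
    # Same rules with the block moved to the top: the provider is blocked too.
    print(evaluate([RULES[1], RULES[0], RULES[2]], ALIASES, "192.0.2.10", 25))
    # New provider IP: only the alias changes, the rules stay untouched.
    updated = {"SMTP_GOOGLE": ALIASES["SMTP_GOOGLE"] + ["192.0.2.12"]}
    print(evaluate(RULES, updated, "192.0.2.12", 25))
    # With destination port "any", every port on the alias hosts is allowed.
    print(evaluate(RULES, ALIASES, "192.0.2.10", 8080))
```

The last call shows the effect of leaving the destination port range at any: the rule allows every port on the alias hosts, so listing only the mail ports in the rule would narrow it to the traffic the clients actually need.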
Figure 1: The pfSense alias screen
Figure 2: Creating a new alias in pfSense
Figure 3: Creating a new firewall rule with the alias
Figure 4: Listing of the pfSense firewall rules
Figure 5: Detail of the alias being used in the pfSense rules
3 Comments
Dude..., it's very good tips, I am trying to configure it, so he limited the download on the network,
mainly the P2P -> there in TRAFFIC SHAPE, but I live the traffic shaper, I can not bear
surf the Internet, both of which are slow, I do with it? For example the Internet 1 mega...
What is the ideal rate for download and upload that not panic surfing the Internet and other things
Only basic... I limit the P2P and games if you like...
att. neli p saints
P.S. I need some help urgently.
Neli,
We have not yet had the opportunity to configure bandwidth control in pfSense. The little I have read of the documentation always says to use the wizard for the initial configuration. Another thing is that the new 1.3 version, to be released soon, will have much improved bandwidth control. You can track the progress of the development and launch of this fantastic tool directly on the developers' blog (http://blog.pfsense.org). In the forum you will also find very important tips and information.
Dear Wasare, sorry I bother you again, as has, by chance you do a test of how
I make the control of bandwidth in pfsense, because I could not, I start it, but I am stating
too this, my head will roll. patterns in the rules that I activated it makes browsing the Internet or
I used the wizard traffic shaper to give low priority to P2P and also wanted to limit the download
Browser door at 80: so for example DOWNLOADS 30Kbps and upload 30kbps eg
ips for the local network: 192.168.0.10, 192.168.0.11 and so on.
Respectfully.
Neli p saints