Solved What is the difference between setting rules on internal and external interfaces?

Hello everyone,

What is the difference between setting rules on internal and external interfaces?

Such as
ext_if # external interface
int_if # internal interface

Code:
block out on $ext_if from any to <badhosts>
and
Code:
block in on $int_if from any to <badhosts>

Is there a fundamental difference between the two?
Thanks.
 
The difference would be the interface, resulting in a different "target audience".

Sorry to be a little blunt here but do you actually try to think these things through or do you just ask away? Because, with all due respect, this seems a bit too obvious for me. As some of your other questions.

But that's just my 2 cents.

2 interfaces, 2 different networks so obviously the rules you add will apply to those different networks. Generally speaking an external interface is where a public network resides (Internet) whereas internal would be where your LAN is located. As such the difference is the network you're blocking (or allowing), so your target audience.
 
Filtering on ingress vs. egress, both have uses depending on where the traffic originates. Anything coming in from int_if you would filter on incoming. For traffic that originates from the firewall itself you have no other choice but to filter on outgoing direction on ext_if.
 
To be literal, there is no fundamental difference; the name is just a name. Now practically those names typically are defined to refer to different network adapters, so what physical adapter has the rule applied to it will change if the values of $ext_if and $int_if are different.

As an aside, a more typical rule is along the lines of block in on $ext_if from <bad_hosts>
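To make the two replies above concrete, here is an added pf.conf fragment (not posted by anyone in this thread) that places a block for the same <badhosts> table on all three interface/direction combinations discussed: inbound on the external interface (the typical rule), outbound on the external interface (the only place traffic generated by the firewall itself can be caught), and inbound on the internal interface (LAN clients trying to reach a bad host). Interface names, the LAN range and the table contents are assumed placeholders; the addresses come from the RFC 5737 / RFC 3849 documentation ranges. Remember that "in" and "out" are always relative to the firewall box: a packet from a LAN client to the Internet is "in" on $int_if and "out" on $ext_if, so a rule's direction and interface together decide which packets it can ever see.

```pf
# Added example pf.conf fragment, not from this thread. Interface names,
# the LAN range and the table contents are assumed placeholders.
ext_if  = "em0"              # assumption: NIC facing the Internet
int_if  = "em1"              # assumption: NIC facing the LAN
lan_net = "192.168.1.0/24"   # constructed LAN range

# Constructed sample entries using documentation-only address ranges
table <badhosts> persist { 192.0.2.0/24, 198.51.100.7, 2001:db8::/32 }

set skip on lo0

# Default deny; the pass rules below open what is needed.
block all

# 1. Inbound on the external interface: stops packets *from* a bad host
#    before they reach the firewall or the LAN (the usual placement).
block in  log quick on $ext_if from <badhosts> to any

# 2. Outbound on the external interface: the only rule position that
#    can catch a connection the firewall itself initiates (e.g. a DNS
#    lookup or package fetch run on the box) on its way to a bad host.
block out log quick on $ext_if from any to <badhosts>

# 3. Inbound on the internal interface: catches LAN clients trying to
#    reach a bad host, and the log entry names the offending LAN address
#    rather than the firewall's external address.
block in  log quick on $int_if from $lan_net to <badhosts>

# Remaining policy (constructed): LAN may go out, stateful replies return.
pass in  on $int_if from $lan_net to any keep state
pass out on $ext_if from any      to any keep state
```

Before loading, check the syntax without applying it with `pfctl -nf /etc/pf.conf`; `quick` is used on the three block rules so they are final matches regardless of the later pass rules, which matters because pf otherwise uses last-match semantics.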
 