Posted on 2014-12-24
I have a question that is more about the operation of a firewall, not necessarily a problem with its operation.
I recently set up pfSense on an old PC and just got it working with the help of an Experts Exchange expert. Since then I've added more firewall rules and they are working fine, so I want to make sure I have the concept of what is happening correct.
When I make a rule on the source interface, for the port I use any. At first I thought the best security would be to specify a source port, but the source is a computer on my LAN, and, if I have this correct, a PC on my LAN would be using any random port it generates.
For example, on a computer on my LAN, when I click on a link on a webpage, HTTP traffic is port 80, but the computer needs to keep track of several separate data sockets for port 80 because, let's say, on the website I'm on, there is a Flash Player video running, and I have a few tabs opened. So each of those tabs, and that Flash video, all have a separate data socket to whichever web server serves those links. I picture it as: port 80 is a highway, and all the separate sockets are the lanes. These lanes would be assigned a random port number. Unlike a real highway, the data in the lane it is assigned to cannot change lanes. If you are a bit of data, and you have been assigned port 2356 on highway 80, you must stay in that lane, and that way the computer knows which link you belong to on a webpage. So because there are all these separate "lanes" on highway 80, and the port assignment for these lanes is random, on the firewall you can't specify a port on the outgoing traffic.
So does that sound like I have this concept correct? Anything I left out? Or even better, is there some trick on a firewall by which you can specify outgoing ports, which would be better security than allowing any port?
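As an added illustration, not part of the original question and not pfSense's own code, the following Python script opens several TCP connections from one client to one server port, records the source port the client's operating system assigned to each, and then evaluates two simplified firewall rules against those connections. It uses a loopback listener on a kernel-chosen port in place of a web server on port 80 so that it runs offline; the rule matcher (`rule_matches`, `count_passed`) is a hypothetical stand-in for the source-port and destination-port fields of a pfSense pass rule, not pfSense's matching logic.

```python
import socket
import threading


def _accept_all(listener, n_conns):
    """Server side: accept n_conns connections, then close them all.

    Stands in for the web server; each accepted socket is one "lane".
    """
    accepted = []
    try:
        for _ in range(n_conns):
            conn, _addr = listener.accept()
            accepted.append(conn)
    except socket.timeout:
        pass  # a client failed to connect; stop waiting rather than hang
    for conn in accepted:
        conn.close()


def open_connections(n, host="127.0.0.1"):
    """Open n TCP connections from one client to one server port and return
    the (source_port, destination_port) pair the kernel assigned to each.

    The "server" is a loopback listener on a kernel-chosen port (constructed
    here so the example runs offline) standing in for a web server on port 80.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))          # port 0: let the kernel pick a free port
    listener.listen(n)
    listener.settimeout(5)            # never block forever if a connect fails
    dst_port = listener.getsockname()[1]

    server = threading.Thread(target=_accept_all, args=(listener, n))
    server.start()

    clients, flows = [], []
    try:
        for _ in range(n):
            s = socket.create_connection((host, dst_port), timeout=5)
            src_port = s.getsockname()[1]   # ephemeral port chosen by the client OS
            flows.append((src_port, dst_port))
            clients.append(s)               # keep open so all flows coexist
    finally:
        server.join()
        for s in clients:
            s.close()
        listener.close()
    return flows


def rule_matches(rule, flow):
    """Hypothetical, simplified match for a pass rule: each port field is
    either an integer or the string "any", like the pfSense rule editor fields."""
    src_port, dst_port = flow
    src_ok = rule["src_port"] == "any" or rule["src_port"] == src_port
    dst_ok = rule["dst_port"] == "any" or rule["dst_port"] == dst_port
    return src_ok and dst_ok


def count_passed(rule, flows):
    """How many of the observed connections the rule would have let through."""
    return sum(1 for flow in flows if rule_matches(rule, flow))


if __name__ == "__main__":
    flows = open_connections(5)
    dst = flows[0][1]
    for src, dport in flows:
        print(f"src port {src:5d} -> dst port {dport}")
    print("distinct source ports:", len({src for src, _ in flows}))
    any_src = {"src_port": "any", "dst_port": dst}
    pinned = {"src_port": flows[0][0], "dst_port": dst}
    print("rule src=any      dst=%d passes %d/5" % (dst, count_passed(any_src, flows)))
    print("rule src=%d dst=%d passes %d/5" % (pinned["src_port"], dst, count_passed(pinned, flows)))
```

Every connection ends up with a different source port (always above 1023, in an ephemeral range that depends on the operating system) while the destination port is the same for all of them, so a rule pinned to one source port lets exactly one of the five connections through and a rule with source port "any" lets all five through. The fields worth tightening on an outbound LAN rule are therefore the destination port (80, 443, and so on) and the source address, not the source port. pfSense is also a stateful firewall: the LAN rule is evaluated on the first packet of a connection and the reply packets are matched by the state table, so no separate rule is needed for the return direction.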