pfSense firewall with NethServer as mail server

You could further secure this by defining a class B subnet on the computers and servers, but defining rules on class C based subnets. Example:

Workstations: 172.16.0.x/16
Servers: 172.16.1.x/16

You can now define rules in pfSense that allow traffic from 172.16.0.x/24 to wherever and back, but prevent any WAN traffic being allowed to 172.16.1.x/24, unless you expect it (defined a rule for it), while they are still in the same network and on the same switch.

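An added example (not part of the original post, and not pfSense's own code): a Python model of the scheme described above, with hosts on a shared /16 and rules written per /24, evaluated first-match with default deny on the ingress interface. The mail server address 172.16.1.10, the rule set and the sample flows are constructed assumptions; the last flow shows that workstation-to-server traffic is on-link under the /16 mask and never reaches the firewall.

```python
import ipaddress

ip = ipaddress.ip_address
net = ipaddress.ip_network

# Addressing from the post: every host carries a /16 mask, rules are per /24.
HOST_NET = net("172.16.0.0/16")
WORKSTATIONS = net("172.16.0.0/24")
SERVERS = net("172.16.1.0/24")
ANY = net("0.0.0.0/0")
MAIL = net("172.16.1.10/32")  # assumed mail server address, not from the post

# Constructed rule set: (interface, action, source, destination, port or None).
# Evaluated top-down per ingress interface, first match wins, default deny.
RULES = [
    ("LAN", "pass", WORKSTATIONS, ANY, None),  # workstations out to anywhere
    ("WAN", "pass", ANY, MAIL, 25),            # expected inbound SMTP only
]

def on_link(src, dst):
    """True when both hosts sit in the shared /16 and talk directly over the switch."""
    return ip(src) in HOST_NET and ip(dst) in HOST_NET

def decide(iface, src, dst, port):
    """Return 'pass', 'block', or 'direct' (traffic never reaches the firewall)."""
    if iface == "LAN" and on_link(src, dst):
        return "direct"
    for r_iface, action, r_src, r_dst, r_port in RULES:
        if (r_iface == iface and ip(src) in r_src and ip(dst) in r_dst
                and r_port in (None, port)):
            return action
    return "block"

# Constructed sample flows (external addresses are documentation ranges).
FLOWS = [
    ("LAN", "172.16.0.20", "203.0.113.5", 443),   # workstation to internet
    ("LAN", "172.16.1.30", "203.0.113.5", 443),   # server to internet, no rule
    ("WAN", "198.51.100.7", "172.16.1.10", 25),   # inbound mail, expected
    ("WAN", "198.51.100.7", "172.16.1.10", 22),   # inbound SSH, not expected
    ("LAN", "172.16.0.20", "172.16.1.10", 22),    # workstation to server
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", decide(*flow))
```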