Block vs Allow Invert Match?

Hello all,

Been watching Tom’s videos on pfSense and noticed he sets firewall rules to Allow then Invert Match. How is that different from setting Action to Block?


It’s similar in function to Block/Allow, however more eloquent and easier to implement.


A) Single Pass Rule with Invert Match set, and an Alias used for Blocked Content. (e.g., other LAN networks, etc.)

B) One Block Rule with Aliased Blocked Content, and then a Second Pass Rule for GTG Traffic.

(A) Lets you allow traffic everywhere ‘except’ your aliased content, (B) First blocks, then allows. If you have to deal with multiple alias lists and such, a single rule is vastly easier to contend with than several for the same task. I’d rather kill two birds with one stone, but that’s just me.

1 Like
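
The two rule layouts from the reply above, run through a small first-match evaluator (an added example, not part of the original thread; the alias name, networks, sample addresses and the extra rule are constructed). It also shows that in (A) the aliased traffic is dropped by the default deny rather than by the rule itself, so a pass rule added below it would let that traffic through.

```python
from ipaddress import ip_address, ip_network

# Constructed alias standing in for the "blocked content" (other local networks).
ALIAS = {"BLOCKED_NETS": [ip_network("192.168.20.0/24"), ip_network("192.168.30.0/24")]}

def dest_matches(rule, dst):
    """True when dst satisfies the rule's destination field, honouring Invert Match."""
    if rule["dest"] == "any":
        hit = True
    else:
        hit = any(dst in net for net in ALIAS[rule["dest"]])
    return hit != rule.get("invert", False)

def evaluate(rules, dst):
    """Top-down, first matching rule wins; unmatched traffic hits the default deny."""
    dst = ip_address(dst)
    for rule in rules:
        if dest_matches(rule, dst):
            return rule["action"]
    return "block"

# (A) a single pass rule with Invert Match set on the alias
RULES_A = [{"action": "pass", "dest": "BLOCKED_NETS", "invert": True}]

# (B) a block rule for the alias, then a pass rule for everything else
RULES_B = [
    {"action": "block", "dest": "BLOCKED_NETS"},
    {"action": "pass", "dest": "any"},
]

# Hypothetical rule someone adds later at the bottom of the list.
EXTRA = {"action": "pass", "dest": "any"}

SAMPLES = ["192.168.20.15", "192.168.30.1", "192.168.40.7", "1.1.1.1"]

def compare(rules_a, rules_b, samples=SAMPLES):
    """Return {destination: (decision under A, decision under B)}."""
    return {d: (evaluate(rules_a, d), evaluate(rules_b, d)) for d in samples}

if __name__ == "__main__":
    print("as posted:")
    for dst, (a, b) in compare(RULES_A, RULES_B).items():
        print(f"  {dst:15} A={a:5} B={b}")
    print("with an extra pass-any rule appended:")
    for dst, (a, b) in compare(RULES_A + [EXTRA], RULES_B + [EXTRA]).items():
        print(f"  {dst:15} A={a:5} B={b}")
```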