Creating a floating rule

This recipe describes how to create a floating rule.

Floating firewall rules have several distinct advantages over non-floating rules:

  • They can apply to more than one interface at a time. This saves us from having to make copies of essentially identical rules on different interfaces, and is handy in a number of situations in which we want a rule to be in effect on multiple interfaces.
  • Whereas conventional firewall rules are only invoked when packets leave an interface, floating firewall rules may be invoked when traffic enters an interface (in), when it leaves an interface (out), or either direction (any).
  • In the Action drop-down menu, in addition to the Pass, Block, and Reject options that are available for conventional firewall rules, there is a fourth option called Match. If this option is selected, the rule will be applied to packets matching the rule, but the pass/block status of the packets will not be affected. This option is often used for traffic shaping, as we can use a Match rule to divert certain packets into different queues.
  • There is also an option called Quick. If we enable the Quick checkbox, the rule will be applied immediately to packets that match the rule criteria. If this option is not enabled, however, the rule will not be applied until the conventional per-interface rules have been applied. This option should be used with care, as enabling it will cause a floating rule to supersede per-interface rules.

In this recipe, we will create a floating rule that will recreate the default Allow LAN to any rule, but we will apply it to all local interfaces.
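To make the Quick and Match behaviour concrete, here is an added Python model (not code from the cookbook or from pfSense itself) of pf's rule evaluation, assuming pfSense's arrangement of floating rules ahead of the per-interface rules with Quick set on every per-interface rule; the interface names, addresses and queue name are constructed.

```python
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

@dataclass
class Rule:
    action: str                   # "pass", "block", "reject" or "match"
    interfaces: Tuple[str, ...]   # one interface for per-interface rules, several for floating
    direction: str = "in"         # "in", "out" or "any"
    quick: bool = False           # pfSense sets quick on every per-interface rule
    src: str = "any"
    queue: Optional[str] = None   # used by "match" rules for traffic shaping

@dataclass
class Packet:
    iface: str
    direction: str
    src: str
    queue: Optional[str] = None   # filled in by a matching "match" rule

def matches(rule: Rule, pkt: Packet) -> bool:
    return (pkt.iface in rule.interfaces
            and rule.direction in ("any", pkt.direction)
            and rule.src in ("any", pkt.src))

def evaluate(floating: List[Rule], per_iface: List[Rule], pkt: Packet) -> str:
    """pf semantics: the last matching rule wins, unless a matching rule is quick."""
    verdict = "block"             # default deny when nothing matches
    ruleset = list(floating) + [replace(r, quick=True) for r in per_iface]
    for rule in ruleset:
        if not matches(rule, pkt):
            continue
        if rule.action == "match":  # tag the packet only; pass/block status unchanged
            pkt.queue = rule.queue
            continue
        verdict = rule.action
        if rule.quick:
            break
    return verdict

def demo() -> dict:
    lan_allow = Rule("pass", ("lan",), "in")                         # stock "Allow LAN to any"
    block_host = Rule("block", ("lan", "opt1"), "in", src="10.0.0.5")  # floating, Quick off
    shaper = Rule("match", ("lan", "opt1"), "any", src="10.0.0.7", queue="qVoIP")
    all_local = Rule("pass", ("lan", "opt1"), "in", quick=True)      # this recipe's floating rule
    shaped = Packet("lan", "in", "10.0.0.7")
    evaluate([shaper], [lan_allow], shaped)
    return {
        "block_without_quick": evaluate([block_host], [lan_allow], Packet("lan", "in", "10.0.0.5")),
        "block_with_quick": evaluate([replace(block_host, quick=True)], [lan_allow], Packet("lan", "in", "10.0.0.5")),
        "match_queue": shaped.queue,
        "opt1_without_floating": evaluate([], [lan_allow], Packet("opt1", "in", "192.168.2.9")),
        "opt1_with_floating": evaluate([all_local], [lan_allow], Packet("opt1", "in", "192.168.2.9")),
    }
```

The first two results show why the text says Quick needs care: the same floating block rule is overridden by the later per-interface pass rule until Quick is set.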
