OPNsense Forum

English Forums => General Discussion => Topic started by: cybersans on February 14, 2021, 05:59:59 am

Title: Block outbound to internet (pppoe) and allow certain ports/ips/services
Post by: cybersans on February 14, 2021, 05:59:59 am
Dear all,

I am new here. I registered as a member so that I can ask this:

From what I understand, the default rules for WAN block inbound and allow outbound, while for LAN both in and out are allowed.

What should I put so that WAN blocks both inbound and outbound, and I specify certain rules to allow outbound at WAN only (for example, allow outgoing 80 & 443)?

For your information, I want to set these rules at the gateway level (WAN/PPPoE?) and not at the LAN interface only, so that both the LAN network and opnsense/gateway/pppoe are also restricted by these rules.

I already put the rules at WAN:
1. block (direction out, source any, destination any)
2. allow (direction out, source any, destination any, destination ports alias 80,443)

It doesn't work.

So I tried floating rules:
1. block (direction out, interface not selected, source any, destination any)
2. allow (direction out, interface not selected, source any, destination any, destination ports alias 80,443)

It works, but it caused the port forwarding from outside (from the internet to a website forwarded to a LAN machine) to fail, although it has already been defined in the NAT rules.

If I put those rules on the LAN interface, it works, but it only filters outbound access from LAN PCs, and not the gateway/opnsense itself.

So my question is, which interface should I use so that the rules apply to both the firewall and a machine inside the LAN?
Title: Re: Block outbound to internet (pppoe) and allow certain ports/ips/services
Post by: cybersans on February 16, 2021, 09:18:26 am
No one likes to answer?

OK, let me rephrase my question again.

Is there some pre-defined ruleset made by opnsense (which can't be edited via the web GUI) that prevents me from putting:

block drop out quick on pppoe0 all
and
pass out quick on pppoe0 from any to any port = 1234 keep state

so that I can block outgoing on pppoe0 and allow certain ports only?

The only setting that is successful is via LAN, but it still does not achieve my needs, because the shell itself can connect to the outside, as the filter is only made at the LAN interface.

Thank you,
sans
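Added example, not from the post or from OPNsense: a simplified model of how pf chooses between the two rules listed in both posts. In pf the last matching rule wins unless a rule is marked "quick", in which case evaluation stops at the first match; OPNsense GUI rules are "quick" by default (assumption stated in the code), so the order block-then-allow shown in the first post decides the outcome.

```python
# Added example (not from the OPNsense post or project): a minimal model of
# pf rule selection. Without "quick" the LAST matching rule wins; with "quick"
# evaluation stops at the FIRST match. Assumption: OPNsense GUI rules are
# "quick" by default, so the order of the two posted rules decides the result.
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass(frozen=True)
class Rule:
    action: str                 # "block" or "pass"
    direction: str              # "in" or "out"
    iface: Optional[str]        # None = any interface (a "floating" rule)
    ports: Optional[Set[int]]   # None = any destination port
    quick: bool = True

    def matches(self, direction: str, iface: str, dport: int) -> bool:
        return (self.direction == direction
                and (self.iface is None or self.iface == iface)
                and (self.ports is None or dport in self.ports))

def decide(rules: List[Rule], direction: str, iface: str, dport: int) -> str:
    """Return 'pass' or 'block' for one packet, following pf's matching order."""
    result = "pass"  # pf's default when no rule matches at all
    for rule in rules:
        if rule.matches(direction, iface, dport):
            result = rule.action
            if rule.quick:
                break  # a matching "quick" rule is final
    return result

# The rules in the order the post lists them: block first, then the allow rule.
AS_POSTED = [
    Rule("block", "out", "pppoe0", None),
    Rule("pass", "out", "pppoe0", {80, 443}),
]
# The same two rules with the allow rule placed above the block rule.
ALLOW_FIRST = list(reversed(AS_POSTED))

def outbound_results(rules: List[Rule]) -> dict:
    """Decision for outbound packets on pppoe0 to three sample destination ports."""
    return {port: decide(rules, "out", "pppoe0", port) for port in (80, 443, 1234)}

if __name__ == "__main__":
    print("as posted:  ", outbound_results(AS_POSTED))   # everything blocked
    print("allow first:", outbound_results(ALLOW_FIRST)) # 80/443 pass, rest blocked
```

The model ignores state tracking and NAT (in pf, packets that match an existing state never reach the ruleset), so it only shows how rule order and "quick" decide the verdict for a new connection.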