OPNsense Forum

English Forums => General Discussion => Topic started by: deanfourie on February 12, 2025, 11:29:37 AM

Title: Block traffic between interfaces?
Post by: deanfourie on February 12, 2025, 11:29:37 AM
So, I am really struggling with this.

I have 3 LAN interfaces, and I am simply trying to block traffic between all of them. But it doesn't appear to be that simple.

On interface LAN, I am putting the following rules

BLOCK source ALL to destination LAN2 net ALL SERVICES
BLOCK source ALL to destination LAN3 net ALL SERVICES

I am doing the same on all interfaces for the respective networks. This seems to stop ICMP traffic, however I can still hit the router login page at the LAN2 and LAN3 gateway address from LAN1, so clearly for some reason this is not blocking HTTP/HTTPS traffic.

What am I missing here?

Thanks
Title: Re: Block traffic between interfaces?
Post by: meyergru on February 12, 2025, 11:33:36 AM
There is an anti-lockout rule in the automatically generated rules. It can be disabled via "Firewall: Settings: Advanced" - but be careful not to lock yourself out.
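
Why the block rules stop ICMP but not the login page, shown as an added example that is not part of the thread: a small Python model of top-down, first-match rule evaluation. The addresses, the default allow rule, and the shape of the automatic anti-lockout rule (a pass to the firewall's own addresses on TCP 22/80/443, placed ahead of the user rules) are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for illustration; not taken from the thread.
LAN2_NET = ipaddress.ip_network("192.168.2.0/24")
LAN3_NET = ipaddress.ip_network("192.168.3.0/24")
ANY_NET = ipaddress.ip_network("0.0.0.0/0")
# Every interface address of the firewall itself ("this firewall").
FIREWALL_ADDRS = {ipaddress.ip_address(a)
                  for a in ("192.168.1.1", "192.168.2.1", "192.168.3.1")}

@dataclass
class Rule:
    action: str        # "pass" or "block"
    label: str
    dst: object        # an ip_network, or a set of firewall addresses
    proto: str = "any"
    ports: tuple = ()  # empty tuple means any port

    def matches(self, proto, dst_ip, dport):
        if self.proto != "any" and self.proto != proto:
            return False
        if self.ports and dport not in self.ports:
            return False
        return dst_ip in self.dst

def build_ruleset(anti_lockout=True):
    """Rules as seen on the LAN interface, in evaluation order."""
    rules = []
    if anti_lockout:
        # Assumed shape of the automatic rule: management ports on the firewall.
        rules.append(Rule("pass", "anti-lockout (automatic)",
                          FIREWALL_ADDRS, "tcp", (22, 80, 443)))
    rules.append(Rule("block", "user: any -> LAN2 net", LAN2_NET))
    rules.append(Rule("block", "user: any -> LAN3 net", LAN3_NET))
    rules.append(Rule("pass", "default allow LAN to any (assumed)", ANY_NET))
    return rules

def evaluate(rules, proto, dst, dport=None):
    """The first matching rule decides; later rules are never consulted."""
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(proto, dst_ip, dport):
            return rule.action, rule.label
    return "block", "implicit default deny"

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, evaluate(build_ruleset(flag), "tcp", "192.168.2.1", 443),
              evaluate(build_ruleset(flag), "icmp", "192.168.2.1"))
```

In this model the LAN2 gateway address falls inside "LAN2 net", but the earlier pass rule wins for TCP 443, while ICMP has no earlier match and reaches the block rule.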

Title: Re: Block traffic between interfaces?
Post by: deanfourie on February 12, 2025, 12:19:43 PM
Quote from: meyergru on February 12, 2025, 11:33:36 AM
There is an anti-lockout rule in the automatically generated rules. It can be disabled via "Firewall: Settings: Advanced" - but be careful not to lock yourself out.



Thanks, I thought it might be the anti-lockout rule but couldn't disable it.

I will disable on all except the LAN interface.

Thanks