OPNsense Forum

English Forums => General Discussion => Topic started by: nicqq on September 18, 2025, 11:15:15 PM

Title: How to block outgoing traffic?
Post by: nicqq on September 18, 2025, 11:15:15 PM
Hello; we have two DMZs, dmz-arena and dmz-debi interfaces, and 1 PPPoE as WAN.

How to only allow tcp/443&80 outgoing traffic for hosts on dmz-debi via WAN?

dmz-arena has no restriction for outgoing traffic.

Title: Re: How to block outgoing traffic?
Post by: caplam on September 19, 2025, 03:19:07 PM
Not sure, but when you set up a rule it's better to put it on the first interface hit by the traffic.
So in that case on dmz-debi in.
Supposing you don't have a rule on that interface that allows other traffic, you can make this one:
action: pass
direction: in
protocol: tcp
source: dmz-debi net
destination: !Private_Networks
dest port: webserver (webserver should be created first as an alias for port group 80&443)

I wonder what should be the utility of that rule.
Edit: it could be different according to the other rules already in place.
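
The rule described in the post above, modelled as an added example (not part of the original post and not OPNsense code) and evaluated against constructed traffic arriving on dmz-debi. Assumptions: the Private_Networks alias holds the RFC 1918 ranges, dmz-debi uses 10.20.0.0/24, no other rule exists on the interface, and unmatched traffic hits the default deny.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the Private_Networks alias holds the RFC 1918 ranges.
PRIVATE_NETWORKS = [ipaddress.ip_network(n) for n in
                    ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: constructed addressing for the dmz-debi segment.
DMZ_DEBI_NET = ipaddress.ip_network("10.20.0.0/24")
WEBSERVER_PORTS = {80, 443}  # the "webserver" port alias from the post

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETWORKS)

def pass_web_out(pkt):
    """The pass rule from the post, evaluated inbound on dmz-debi."""
    return (pkt.proto == "tcp"
            and ipaddress.ip_address(pkt.src) in DMZ_DEBI_NET
            and not is_private(pkt.dst)      # destination: !Private_Networks
            and pkt.dport in WEBSERVER_PORTS)

def evaluate(pkt, rules=(pass_web_out,)):
    """First matching pass rule wins; unmatched traffic hits the default deny."""
    return "pass" if any(rule(pkt) for rule in rules) else "block"

# Constructed sample traffic (documentation address ranges for the internet side).
SAMPLES = {
    "https to internet":  Packet("tcp", "10.20.0.10", "203.0.113.10", 443),
    "http to internet":   Packet("tcp", "10.20.0.10", "203.0.113.10", 80),
    "ssh to internet":    Packet("tcp", "10.20.0.10", "203.0.113.10", 22),
    "dns to internet":    Packet("udp", "10.20.0.10", "198.51.100.53", 53),
    "dns to firewall":    Packet("udp", "10.20.0.10", "10.20.0.1", 53),
    "https to other dmz": Packet("tcp", "10.20.0.10", "10.10.0.5", 443),
    "foreign source":     Packet("tcp", "192.0.2.7", "203.0.113.10", 443),
}

def verdicts():
    return {name: evaluate(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:5}  {name}")
```

Both DNS samples are blocked, so hosts on dmz-debi that resolve names through the firewall or an external resolver need a separate pass rule for that, placed alongside this one.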

Title: Re: How to block outgoing traffic?
Post by: nicqq on September 19, 2025, 08:46:47 PM
how do you do that !

Title: Re: How to block outgoing traffic?
Post by: Patrick M. Hausen on September 19, 2025, 08:54:44 PM
Firewall > Rules > pick the interface > click on the little "+" sign to add a rule ...

Title: Re: How to block outgoing traffic?
Post by: BrandyWine on September 19, 2025, 10:53:27 PM
Well, OPNsense does allow WAN-In WAN-Out LAN-In and LAN-out rules (lan wan just common names, etc). Other than traffic from fw itself, why would I use WAN-Out LAN-Out rule?