OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: PANZER on May 09, 2026, 11:22:07 AM

Title: Default deny rule not working
Post by: PANZER on May 09, 2026, 11:22:07 AM
Hello there,

I just got OPNsense up and running. In my current configuration, I have two interfaces:

LAN (192.168.0.1/24)
WAN (192.168.2.236/24)

In my LAN network, I have a client connected through a Wi-Fi access point. The client receives its network configuration via Dnsmasq DHCP. DNS is configured manually on the client's network adapter.

I created an outbound NAT rule to allow the LAN network to communicate with the internet. I attached the NAT rule below.

However, the firewall handles the traffic as if it originates from the firewall host itself and allows the traffic through the "let out anything from firewall host itself" rule, effectively bypassing the default deny behavior. I attached my current firewall rules as well.

I also disabled all LAN interface rules, but the traffic still passes through directly.

Additionally, I attached a log screenshot where you can see the traffic being forwarded to the WAN gateway by the "let out anything from firewall host itself" rule.

I do not want this behavior. Every allowed connection should be explicitly defined by my own firewall rules. No traffic should be able to leave the LAN unless I manually permit it in the rules tab.

What am I doing wrong?