Hi Guys,
I have configured the Spamhaus on the LAN side; we have like 20 VLANs running. Do I really have to create on each VLAN the firewall rule for the outgoing?
All the VLANs are on the LAN, living on em0.
We have created the rules on the LAN side but not in the VLANs.
https://wiki.opnsense.org/manual/how-tos/edrop.html
You can create a floating rule and select the interfaces ...
For a similar multi-subnet config I have created an interface group in firewall and then created the rules for (E)DROP on that group.
It should work
PS Also the "Force redirect external DNS queries to self" rule is created and applied on the same int group
Both ideas are great.
Interface group, isn't it the same as floating rules?
Thank you for your answer. We do already have 4 floating rules, one for accessing the GUI and one for the production networks. On each interface we have to apply these rules in order to have access to the web GUI. Bonjour service and MultiWAN (see screenshot).
I have created 2 new rules for the Spamhaus for both directions on the floating rules (see attached screenshot).
Is this enough, or do I have to apply them on the VLANs as well?
Floating rules are evaluated first and foremost (meaning, before/on top of the "per interface" rule), so it's not necessary to set them twice.
Hope it helps!
Bye!
PS I wasn't around here for a while, sorry for the very late answer