General Discussion / Blocking incoming traffic at the LAN/OPT level instead of the WAN
« on: April 05, 2018, 01:58:48 am »
Hello everyone. I'm pretty new to OPNsense, so hopefully this isn't a dumb question. But I'll try to run through my setup.
I have 2 physical NICs, of which 1 is the WAN and the other has multiple VLANs. My problem is that apparently I don't know how to set up WAN to properly pass through traffic to the VLANs. For example, let's say I want to block ICMP on VLAN 5.
I can block it at the WAN and it's fine, but I don't want a massive list of incoming rules for all my VLANs on the WAN. I'd rather handle it at the VLAN level.
If I tell WAN to just pass the traffic through, even if I have a rule blocking ICMP on VLAN 5, it still goes through. As well as I can tell, this is because when the rule was matched to accept the traffic at the WAN level, it stopped caring about everything else and just let it go on through.
How do I set this up? Basically I just want WAN wide open so I can filter incoming on my VLANs as I see fit.