trying to block outbound traffic from a couple of ip addresses

Started by sproket90, January 28, 2021, 12:14:44 AM

Hi

I am new to OPNsense and am trying to block several IP addresses from accessing the internet.

I can put the rule in the firewall but the IP addresses still get to the net. Looking at the firewall log live view I am only seeing the WAN address of the firewall accessing the net.

I am wondering if the packets are being NAT'd before the firewall recognizes them?

Shouldn't I see all the LAN IP addresses going through the firewall? Is there a setting I missed?

TIA
Sproket90

Put your block rule inbound on the LAN interface, above the default allow-to-any rules.

Basically the traffic flow is: traffic from LAN clients comes into OPNsense on the LAN interface, then (on IPv4) gets NAT'd and exits OPNsense on the WAN interface with the public IP. There are default rules on both the LAN and WAN interfaces to allow this.

That is what I have above the default rule.

When I access the internet from the blocked IP address I don't see that IP address in the firewall live view.



Destination should be "any"

Edit: or at least "!LAN net" (i.e. anything other than LAN net, inverse match in the rule) if you want those IPs to be able to access other LAN IPs.

And you have the rule applying "out" of the interface. As I said above, should be "in"




Actually, even with an "any" destination it should still allow LAN access since that would be layer 2 not layer 3 and therefore not affected by the firewall
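The rule the replies above describe, written out in the pf syntax that OPNsense generates from its GUI rules (an added illustration, not taken from the thread or from the OPNsense project; the interface name `igb1`, the LAN subnet and the blocked addresses are constructed placeholders):

```pf
# Constructed example: LAN interface, LAN subnet and the hosts to cut off
lan_if = "igb1"
lan_net = "192.168.1.0/24"
table <blocked_lan_hosts> { 192.168.1.50, 192.168.1.51 }

# Direction "in" on the LAN interface: packets are evaluated as they arrive
# from the clients, before outbound NAT rewrites the source to the WAN
# address (which is why the live view only showed the WAN IP).
# "quick" ends evaluation on match, so this rule must sit above the
# default allow rules or it never gets a chance to fire.
block in quick on $lan_if inet from <blocked_lan_hosts> to any \
    label "block internet for selected LAN hosts"

# Variant from the thread: destination "!LAN net" (inverse match) if the
# blocked hosts should still reach other LAN networks routed via the box.
# block in quick on $lan_if inet from <blocked_lan_hosts> to ! $lan_net

# The default LAN allow rule follows; traffic blocked above never reaches it.
pass in on $lan_if inet from $lan_net to any keep state
```

On the firewall itself, `pfctl -vvsr` lists the loaded rules with their evaluation and packet counters, which confirms whether the block rule is actually being matched.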