OPT1 Firewall DNS Issues.

Started by EmperorsLounge, February 09, 2021, 08:49:31 PM

Hi all, I have the following problem:
My LAN is 192.168.1.1/24 with DHCP pool 192.168.1.10-254 and a sub-network of 192.168.50.1/24 with DHCP pool 192.168.50.2-254. I want to block my login page on the 192.168.50.1/24 subnet. OPNsense by default allows it on both networks. I tried a firewall rule blocking just 192.168.1.1, but then the DHCP server stops registering IPs on that subnet. What would you guys suggest to just block the OPNsense login interface without losing the DHCP server setup? I tried to block all traffic and just pull DHCP and DNS, and it pulls the DHCP but won't pass the DNS server. I have a firewall with block rules. I tried them as first and last rules, and when my block rules are the last rules it seems to pass it all along, even if I remove the Allow All Network Out rule.

New set of rules here as well. I added the blocking rules as last match. I have tried to add DNS, but it just stated that DNS can't respond.

Hi,
You can add firewall rules per interface; just add a block rule on the OPT1 interface to block traffic to the OPNsense address and port.
Say OPT1 has 192.168.50.1 as the OPNsense address and port 8443, then add a rule to block all traffic to that address.

It is easier to add a specific block rule than to create a reverse allow rule ;-)

Regards, Hilbert

Trying to block all ports for security, I got everything working other than the DNS, which doesn't resolve at all.

Quote from: EmperorsLounge on February 10, 2021, 10:28:52 PM
Trying to block all ports for security, I got everything working other than the DNS, which doesn't resolve at all.
I added my block rules to the OPT1 interface, trying to block all ports but DHCP and the DNS server.
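The ordering problem the thread runs into, modelled as an added example (not code from the forum or from the OPNsense project): OPNsense evaluates an interface's "quick" rules first-match, so a catch-all block on the firewall address placed before the DNS allow also swallows the resolver, and a block placed after an allow-all is never reached. The OPT1 address 192.168.50.1 and GUI port 8443 come from the thread; the port numbers for DNS (53) and DHCP (67), the first-match semantics and the sample packets are assumptions made here.

```python
from collections import namedtuple
from ipaddress import ip_address

# Constructed model of OPNsense "quick" (first-match) rules on the OPT1 interface.
FW_OPT1 = ip_address("192.168.50.1")  # OPNsense address on OPT1, as given in the thread

# action: "pass"/"block"; proto: "tcp"/"udp"/"any"; dst: "firewall" (OPT1 address) or "any";
# dport: destination port, or None for any port.
Rule = namedtuple("Rule", "action proto dst dport")
Packet = namedtuple("Packet", "dst proto dport")

def matches(rule, pkt):
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dst == "firewall" and ip_address(pkt.dst) != FW_OPT1:
        return False
    return rule.dport is None or rule.dport == pkt.dport

def decide(rules, pkt):
    """First matching rule wins; a packet nothing matches is blocked (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"

# Rule set as the thread describes it: block every port to the firewall, then allow the rest.
BROKEN = [
    Rule("block", "any", "firewall", None),  # also swallows DNS to the OPNsense resolver
    Rule("pass", "any", "any", None),        # allow OPT1 net out
]
# Hardened: the services OPT1 clients need are passed first, then the catch-all block.
HARDENED = [
    Rule("pass", "udp", "any", 67),          # DHCP: broadcast to 255.255.255.255, not FW_OPT1
    Rule("pass", "udp", "firewall", 53),     # DNS over UDP to OPNsense
    Rule("pass", "tcp", "firewall", 53),     # DNS over TCP (truncated/large answers)
    Rule("block", "any", "firewall", None),  # everything else to OPNsense, incl. the web GUI
    Rule("pass", "any", "any", None),        # allow OPT1 net out
]

SAMPLES = {  # constructed packets from a 192.168.50.0/24 client
    "dns_udp": Packet("192.168.50.1", "udp", 53),
    "dns_tcp": Packet("192.168.50.1", "tcp", 53),
    "dhcp": Packet("255.255.255.255", "udp", 67),
    "gui": Packet("192.168.50.1", "tcp", 8443),
    "internet": Packet("93.184.216.34", "tcp", 443),
}

def evaluate(rules):
    """Verdict per sample packet, so the two rule sets can be compared side by side."""
    return {name: decide(rules, pkt) for name, pkt in SAMPLES.items()}
```

Running `evaluate(BROKEN)` shows DNS blocked while DHCP still passes (the broadcast never matches the firewall-address rule), which is the symptom reported; `evaluate(HARDENED)` passes DHCP and DNS and blocks only the GUI.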