Acces rule LAN

stanthewizzard · April 13, 2021, 10:05:24 AM

Hello

I have this rules for LAN (192.168.0.0) and Livebox is 192.168.1.1
   deny in IPv4 TCP   ! *   80 (HTTP)   Livebox    80 (HTTP)   *   *
   allow in IPv4 *   *   *   *   *   *   *   Default allow LAN to any rule
   allow in IPv6 *   *   *   *   *   *   *   Default allow LAN IPv6 to any rule

BUT
I still can acces Livebox from any machine on LAN.

What am I not understanding ?

Thanks for help

chemlud · April 13, 2021, 10:17:10 AM

You simply can't control LAN traffic, it goes directly from client to client and never reaches the OPNsense....

lfirewall1243 · April 13, 2021, 11:12:14 AM

You'll need to seperate your network in different Subnets to make the traffic pass OPNsense

juere · April 13, 2021, 11:16:44 AM

Quote from: chemlud on April 13, 2021, 10:17:10 AM
You simply can't control LAN traffic, it goes directly from client to client and never reaches the OPNsense....

Quote from: lfirewall1243 on April 13, 2021, 11:12:14 AM
You'll need to seperate your network in different Subnets to make the traffic pass OPNsense

both definitely true, but maybe not applicable to stanthewizzard's problem.
His "Livebox" (whatever this is) seems to live in a different network segment 192.168.1.0/24.

I think, the firewall rule is wrong in two aspects

- the negation of source "any"
- the specification of source port "80"

and should read

Code Select


deny in IPv4 TCP    *   *   Livebox    80 (HTTP)   *   *

stanthewizzard · April 15, 2021, 08:56:38 PM

I understand the same subnet issue.
But livebox is outside of it (so should go through the fw)

I'll try asap the last rule suggested.

Thanks for your answers and time

Acces rule LAN

stanthewizzard

April 13, 2021, 10:05:24 AM Last Edit: April 13, 2021, 10:11:16 AM by stanthewizzard

chemlud

April 13, 2021, 10:17:10 AM #1

lfirewall1243

April 13, 2021, 11:12:14 AM #2

juere

April 13, 2021, 11:16:44 AM #3 Last Edit: April 13, 2021, 11:39:48 AM by goodomens42

stanthewizzard

April 15, 2021, 08:56:38 PM #4