Topic: Help needed with firewall rules to BLOCK Internet (Read 171 times)
kmavrov (Newbie, Posts: 2, Karma: 0)
Help needed with firewall rules to BLOCK Internet
« on: November 14, 2024, 09:36:35 am »
So I have a NoT VLAN (for local-only IoT devices that I don't want to communicate with anything except my Home Assistant instance).
So far I have managed to block traffic to other networks and allow access only to Home Assistant.
I have also managed to somewhat block Internet access:
ping google.com
does not provide any results, which is fine.
But at the same time:
ping 216.58.213.110
does return results, which is not fine, because the things I want to block try to communicate with IPs directly, not domains.
Here is a screenshot of my current rules so far:
dseven (Sr. Member, Posts: 319, Karma: 34)
Re: Help needed with firewall rules to BLOCK Internet
« Reply #1 on: November 14, 2024, 09:45:49 am »
The last (bottom) rule allows NoT net to "any", which includes the whole internet. You probably want to delete (or at least disable) that rule.
« Last Edit: November 14, 2024, 11:31:28 am by dseven »
kmavrov (Newbie, Posts: 2, Karma: 0)
Re: Help needed with firewall rules to BLOCK Internet
« Reply #2 on: November 14, 2024, 11:24:17 am »
Oh, that was it. Thank you!
EricPerl (Jr. Member, Posts: 91, Karma: 2)
Re: Help needed with firewall rules to BLOCK Internet
« Reply #3 on: November 15, 2024, 09:55:12 pm »
And then, if you don't have other rules below the RFC1918 rule, that rule is effectively useless.
Its only value would be to generate a log entry if you disabled logging of the default block rule.
You could tighten the timeserver rule (protocol-UDP and port-NTP). That's standard.
Ditto for HA. They likely document that...
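
An added example, not part of the thread and not OPNsense code: a small first-match evaluator that models the rule order discussed above and shows why the final "any" rule let the direct-IP ping through. The Home Assistant and time server addresses, the rule labels and the rule order are constructed (the screenshot is not on the page), and it assumes rules are evaluated top-down, first match wins, with a default block at the end.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
HA = ["192.168.10.5/32"]    # constructed Home Assistant address
NTP = ["192.168.50.1/32"]   # constructed time server address
ANY = ["0.0.0.0/0"]

@dataclass
class Rule:
    label: str
    action: str                  # "pass" or "block"
    dst: List[str]               # destination networks in CIDR form
    proto: str = "any"
    port: Optional[int] = None   # None means any port

    def matches(self, dst_ip, proto, port):
        addr = ipaddress.ip_address(dst_ip)
        return (any(addr in ipaddress.ip_network(n) for n in self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

def evaluate(rules, dst_ip, proto, port=None):
    """Return (action, label) of the first matching rule, else the default block."""
    for rule in rules:
        if rule.matches(dst_ip, proto, port):
            return rule.action, rule.label
    return "block", "default deny"

# Constructed rule set resembling the one described in the thread.
as_posted = [
    Rule("allow HA", "pass", HA),
    Rule("allow timeserver", "pass", NTP),
    Rule("block RFC1918", "block", RFC1918),
    Rule("allow NoT net to any", "pass", ANY),   # the rule dseven flagged
]
fixed = as_posted[:-1]                           # last rule deleted
tightened = [                                    # EricPerl's suggestions applied
    Rule("allow HA", "pass", HA),
    Rule("allow NTP", "pass", NTP, "udp", 123),
]

if __name__ == "__main__":
    for name, rules in [("as_posted", as_posted), ("fixed", fixed),
                        ("tightened", tightened)]:
        print(name, evaluate(rules, "216.58.213.110", "icmp"),
              evaluate(rules, "192.168.1.10", "tcp", 445),
              evaluate(rules, "192.168.50.1", "tcp", 22))
```

In the `tightened` set, traffic to other private networks is still blocked, only now by the default deny rather than the RFC1918 rule, so the difference shows up only in which rule logs it.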