Topic: Block range of LAN hosts from ANY Internet access (Read 4363 times)
Greelan, Reply #15 on: January 07, 2021, 07:05:16 am
No, I am talking about in the LAN rule - Gateway under advanced features.
RGN01, Reply #16 on: January 07, 2021, 07:16:06 am
Ah, sorry, I misunderstood.
That is only possible on 'in' direction - trying to configure for 'out' gives the attached error message.
Having said that, setting it on 'in' does seem to be working so thank you for your suggestion! I'm out of time now but will continue testing this evening and report back.
Greelan, Reply #17 on: January 07, 2021, 07:16:51 am
You want the rule to apply “in” - it is traffic coming from a device on the LAN into the LAN interface on OPNsense.
RGN01, Reply #18 on: January 07, 2021, 09:28:49 pm
Thank you, Greelan. I now realise that I had got myself completely confused about what was 'in' and 'out'. It is working now.
I must thank you and this forum for your assistance - much appreciated!
Greelan, Reply #19 on: January 07, 2021, 09:45:15 pm
No problem.
The other thing to understand is that, because of outbound NAT on IPv4, traffic going out the WAN interface to the internet won’t have as its source IP the internal IP of your cameras, but instead your public IP (otherwise return traffic from the internet could not find its way back). You can see this if you watch the WAN interface in the live firewall logs. That’s why your WAN rules didn’t work.
In any event, usually the best approach to firewall rules is to apply them on the interface where the traffic is first handled by OPNsense (in your cameras’ case, the LAN interface). Saves unnecessary processing of traffic that is going to be dropped anyway later.
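The point made in Reply #19, as an added example that is not part of the thread: a small Python model of the path LAN in, outbound NAT, WAN out, showing why a block rule keyed on the cameras' internal addresses matches on the LAN interface but never on WAN. The camera range, the public IP and the rule dictionaries are constructed for illustration, and the WAN rule is assumed to be an 'out' rule with the camera range as source.

```python
import ipaddress

# Constructed sample addressing (not taken from the thread).
CAMERAS = ipaddress.ip_network("192.168.1.64/28")   # hypothetical blocked range
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")    # documentation address as WAN IP


def matches(rule, iface, direction, src):
    """A block rule matches on interface, direction and source network."""
    return (rule["iface"], rule["dir"]) == (iface, direction) and src in rule["src"]


def forward(src, rules):
    """Follow one IPv4 packet from a LAN host towards the internet.

    Returns (verdict, stage, source IP visible at that stage).
    """
    src = ipaddress.ip_address(src)
    # 1. The packet enters the firewall on the LAN interface: direction
    #    'in', and the source is still the host's internal address.
    if any(matches(r, "LAN", "in", src) for r in rules):
        return ("blocked", "LAN in", str(src))
    # 2. Outbound NAT rewrites the source to the public IP before the
    #    WAN rules are evaluated.
    natted = PUBLIC_IP
    # 3. The packet leaves on WAN: direction 'out', source is now the
    #    public IP, so a rule listing internal addresses cannot match.
    if any(matches(r, "WAN", "out", natted) for r in rules):
        return ("blocked", "WAN out", str(natted))
    return ("passed", "WAN out", str(natted))


# Two hypothetical rule sets: the working one and the one that never matches.
lan_in_rule = [{"iface": "LAN", "dir": "in", "src": CAMERAS}]
wan_out_rule = [{"iface": "WAN", "dir": "out", "src": CAMERAS}]

if __name__ == "__main__":
    for name, rules in (("block on LAN in", lan_in_rule),
                        ("block on WAN out", wan_out_rule)):
        for host in ("192.168.1.70", "192.168.1.10"):
            print(name, host, forward(host, rules))
```

The source address reported for the WAN stage is what the live firewall log on the WAN interface would show for that traffic.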
RGN01, Reply #20 on: January 08, 2021, 06:20:32 am
Thanks again - all useful comments and thoughts, too.