Block range of LAN hosts from ANY Internet access

Started by RGN01, January 06, 2021, 10:01:05 PM

No I am talking about in the LAN rule - Gateway under advanced features

Ah, sorry, I misunderstood.

That is only possible on 'in' direction - trying to configure for 'out' gives the attached error message.

Having said that, setting it on 'in' does seem to be working so thank you for your suggestion! I'm out of time now but will continue testing this evening and report back.

You want the rule to apply "in" - it is traffic coming from a device on the LAN into the LAN interface on OPNsense

Thank you, Greelan. I now realise that I had got myself completely confused about what was 'in' and 'out'. It is working now.

I must thank you and this forum for your assistance - much appreciated!

No problem

The other thing to understand is that, because of outbound NAT on IPv4, traffic going out the WAN interface to the internet won't have as its source IP the internal IP of your cameras, but instead your public IP (otherwise return traffic from the internet could not find its way back). You can see this if you watch the WAN interface in the live firewall logs. That's why your WAN rules didn't work

In any event, usually the best approach to firewall rules is to apply them on the interface where the traffic is first handled by OPNsense (in your cameras' case, the LAN interface). Saves unnecessary processing of traffic that is going to be dropped anyway later.
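To make the two points above concrete (a WAN rule keyed on the cameras' private addresses never matches because outbound NAT has already rewritten the source, while a LAN 'in' rule sees the original packet), here is a small model of the packet path. This is an added illustration written for this thread, not code from the posts or from OPNsense itself; the interface names, the 192.168.1.0/24 subnet, the camera range, the public address and the sample traffic are all constructed for the example.

```python
"""Why a WAN rule naming a camera's private IP never fires, but a LAN 'in'
rule does.

Added illustration for this thread; not code from the forum posts or from
OPNsense. Interface names, subnets, addresses and rule sets are constructed.
Modelled order, matching pf as used by OPNsense: filter on the ingress
interface (LAN, direction 'in'), then outbound NAT on WAN, then filter on WAN
in direction 'out'. First matching rule wins (OPNsense rules are 'quick' by
default); no match means pass, standing in for the stock
'Default allow LAN to any' rule.
"""
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")       # assumed LAN subnet
CAMERA_NET = ip_network("192.168.1.64/27")   # assumed block of camera addresses
PUBLIC_IP = ip_address("203.0.113.10")        # assumed WAN address (RFC 5737 range)
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


@dataclass(frozen=True)
class Rule:
    iface: str                 # "lan" or "wan"
    direction: str             # "in" or "out", relative to the OPNsense interface
    action: str                # "block" or "pass"
    src: IPv4Network
    dst: IPv4Network
    dst_negated: bool = False  # True models pf's "to ! <net>"

    def matches(self, iface, direction, pkt):
        if (iface, direction) != (self.iface, self.direction):
            return False
        if pkt.src not in self.src:
            return False
        return (pkt.dst in self.dst) != self.dst_negated


def filter_rules(rules, iface, direction, pkt):
    """First-match evaluation for one interface/direction; default pass."""
    for rule in rules:
        if rule.matches(iface, direction, pkt):
            return rule.action
    return "pass"


def outbound_nat(pkt):
    """Automatic outbound NAT: a LAN source leaving via WAN gets the public IP."""
    if pkt.src in LAN_NET:
        return replace(pkt, src=PUBLIC_IP)
    return pkt


def forward(rules, pkt):
    """Push one LAN-originated packet through the modelled pipeline.

    Returns (verdict, stage, packet as seen at that stage).
    """
    if filter_rules(rules, "lan", "in", pkt) == "block":
        return ("block", "lan-in", pkt)
    if pkt.dst in LAN_NET:
        # Destination stays on the LAN, so nothing leaves via WAN. (Same-subnet
        # traffic is really switched and never reaches the firewall; it is
        # modelled here only so the rule's destination negation is visible.)
        return ("pass", "lan-in", pkt)
    natted = outbound_nat(pkt)
    verdict = filter_rules(rules, "wan", "out", natted)
    return (verdict, "wan-out", natted)


# The first attempt: a WAN rule naming the cameras' private addresses.
WAN_OUT_RULES = [Rule("wan", "out", "block", CAMERA_NET, ANY)]

# The working version: block on LAN 'in', cameras to anything that is not the LAN.
# Assumed pf equivalent: block in quick on lan from 192.168.1.64/27 to ! 192.168.1.0/24
LAN_IN_RULES = [Rule("lan", "in", "block", CAMERA_NET, LAN_NET, dst_negated=True)]

# Constructed sample traffic.
CAM_TO_INTERNET = Packet(ip_address("192.168.1.70"), ip_address("198.51.100.5"))
CAM_TO_NVR = Packet(ip_address("192.168.1.70"), ip_address("192.168.1.10"))
PC_TO_INTERNET = Packet(ip_address("192.168.1.20"), ip_address("198.51.100.5"))

if __name__ == "__main__":
    for name, rules in (("WAN out rule", WAN_OUT_RULES), ("LAN in rule", LAN_IN_RULES)):
        for pkt in (CAM_TO_INTERNET, CAM_TO_NVR, PC_TO_INTERNET):
            verdict, stage, seen = forward(rules, pkt)
            print(f"{name:12} {pkt.src} -> {pkt.dst}: {verdict} at {stage} "
                  f"(source seen there: {seen.src})")
```

Run it and the WAN rule set lets the camera packet through with the public address as its source at the 'wan-out' stage, which is exactly what the live firewall log on WAN shows; the LAN rule set blocks the same packet at 'lan-in' while still letting the camera reach a host on the LAN and leaving other LAN hosts unaffected.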

Thanks again - all useful comments and thoughts, too.