trying to block outbound traffic from a couple of ip addresses

[sproket90]

HI

I am new to opnsense and am trying to block several ip addresses from accessing internet.

I can put the rule in the firewall but the ip addresses still get to the net.  looking at the firewall log live view I am only seeing the wan address of the firewall accessing the net.

I am wondering if the packets are being nat'd before the firewall recognizes them?

Shouldn't I see all the Lan IP addresses going through the firewall?  is there a setting i missed.?

TIA
Sproket90

[Greelan]

Put your block rule inbound into the LAN interface, above the default allow to any rules

[Greelan]

Basically traffic flow is: traffic from LAN clients come into OPNsense on the LAN interface, then (on IPv4) get NAT’d and exit OPNsense on the WAN interface with the public IP. There are default rules on both LAN and WAN interfaces to allow this

[sproket90]

that is what I have above the default rule,


when I access the internet from the blocked IP address I don't see that ip address in the firewall live view

[Greelan]

Destination should be “any”

Edit: or at least “!LAN net” (ie anything other than LAN net, inverse match in the rule) if you want those IPs to be able to access other LAN IPs

[Greelan]

And you have the rule applying “out” of the interface. As I said above, should be “in”

[sproket90]

ah ha. 

Thank you that was it!!!

 

[Greelan]

See also my edit above regarding the destination

[sproket90]

got it!

 

[Greelan]

Actually, even with an “any” destination it should still allow LAN access since that would be layer 2 not layer 3 and therefore not affected by the firewall