How to totally block internet access completely. Stumped.

[Atomical]

Hi All,

I have gone through numerous forum posts on this subject and I'm banging my head against the wall over it. I can get the rule to work but its still letting some internet traffic in..   I have a LAN rule set as per the screenshot below..



The issue is the device loses internet slightly, so say for instance they get a message on facebook it gets in, same with video calls initialising but obviously not acknowledging the answer.

Also can ping google 8.8.8.8 for instance.

Is there a surefire way to completely block internet access?

Hope someone has the answer I have blindly missed.

[sp33dy]

Do you have that rule above all other rules that let traffic out

and when you say "let trafic in" i asume you meen internal client is requesting the session and the response/notify get "in" that way

[chemlud]

You have not understood the way firewall rules are ste up in OPNsense. Direction "IN" always is relative to the respective interface. So "IN" on LAN means comming from a client of your LAN, meant to leave OPNsense via a different interface.

Delete this nonsense and back to square one...

[Gauss23]

Hi All,

I have gone through numerous forum posts on this subject and I'm banging my head against the wall over it. I can get the rule to work but its still letting some internet traffic in..   I have a LAN rule set as per the screenshot below..



The issue is the device loses internet slightly, so say for instance they get a message on facebook it gets in, same with video calls initialising but obviously not acknowledging the answer.

Also can ping google 8.8.8.8 for instance.

Is there a surefire way to completely block internet access?

Hope someone has the answer I have blindly missed.

You need to reset states or do a reboot after setting such a rule. Connections that were open before creating that rule, will still be possible because the OPNsense has states saved for those connections.

[Atomical]

You need to reset states or do a reboot after setting such a rule. Connections that were open before creating that rule, will still be possible because the OPNsense has states saved for those connections.

Thanks Gauss23 that was it, I wasn't resetting the states (Never crossed my mind) Also added in disable reply-to as well helped.

You have not understood the way firewall rules are ste up in OPNsense. Direction "IN" always is relative to the respective interface. So "IN" on LAN means comming from a client of your LAN, meant to leave OPNsense via a different interface.

Delete this nonsense and back to square one...

Thanks chemlud, your excellent knowledge of Firewalls surpasses my feeble attempt....... however Gauss23 hit it out of the park with his answer...