basic fw troubleshooting

[9axqe]

Hello,

I'm still very new at opnsense, so apologies in advance if this is a very trivial question.

Scenario:
* I believe I have blocked specific IPs on my LAN subnet from talking to the LAN subnet in general (they should only have internet access).
* On a device with such an IP (I checked the IP both in DHCP leases and on the device itself, let's say it's 192.168.1.201) I load http://192.168.1.100. It works, which is not what I expect.

Now I would like to troubleshoot it and understand which fw rules is allowing this through.

But I cannot find this connection anywhere, neither under troubleshooting>states, nor under troubleshooting>sessions. In both cases, I filter using the .201 IP. I do see some connection from that IP, but all to the internet, nothing to a the .100 IP.

What am I missing?

[Monviech (Cedrik)]

All devices in the same subnet 192.168.1.0/24 (=connected to the same switch in the same VLAN) can talk to each other directly by using the ARP protocol.

You cant block that traffic with a standard configured opnsense. For such scenarios you need a Layer 2 Firewall. If you have enough ports you can look into transparent bridge configuration.

[9axqe]

Ah, of course... I do have a bridge and I see some LAN traffic on Sense, at least the traffic that has to cross the bridge and I wrongly assumed I was supposed to see all LAN traffic...