How to block outgoing traffic?

Started by nicqq, September 18, 2025, 11:15:15 PM

Hello; we have two DMZs, dmz-arena and dmz-debi interfaces, and 1 PPPoE as WAN.

How to only allow tcp/443&80 outgoing traffic for hosts on dmz-debi via WAN?

dmz-arena has no restriction for outgoing traffic.

September 19, 2025, 03:19:07 PM #1 Last Edit: September 19, 2025, 03:22:41 PM by caplam
Not sure, but when you set up a rule it's better to put it on the first interface hit by the traffic.
So in that case, on dmz-debi in.
Supposing you don't have a rule on that interface that allows other traffic, you can make this one:
action: pass
direction: in
protocol: tcp
source: dmz-debi net
destination: !Private_Networks
dest port: webserver (webserver should be created first as an alias for port group 80&443)

I wonder what should be the utility of that rule.
Edit: it could be different according to the other rules already in place.
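
The rule described in the post above, modelled as an added example that is not part of the original post and is not OPNsense code. It assumes dmz-debi is 192.168.20.0/24, that the Private_Networks alias holds the RFC 1918 ranges, that the first matching rule wins, and that unmatched traffic on the interface is blocked; all addresses are constructed.

```python
import ipaddress

# Assumptions (constructed, not from the thread): dmz-debi is 192.168.20.0/24
# and the Private_Networks alias holds the RFC 1918 ranges.
DMZ_DEBI_NET = ipaddress.ip_network("192.168.20.0/24")
PRIVATE_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WEBSERVER_PORTS = {80, 443}  # the "webserver" port alias from the post

# The single pass rule from the post: interface dmz-debi, direction in.
RULES = [{
    "action": "pass", "proto": "tcp",
    "src": [DMZ_DEBI_NET], "dst": PRIVATE_NETWORKS, "dst_invert": True,
    "ports": WEBSERVER_PORTS,
}]


def in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)


def evaluate(proto, src, dst, dport, rules=RULES):
    """Action for a packet entering dmz-debi: first match wins, and a
    packet that matches no rule is blocked (assumed default deny)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["proto"] != proto or dport not in rule["ports"]:
            continue
        if not in_any(src_ip, rule["src"]):
            continue
        dst_hit = in_any(dst_ip, rule["dst"])
        if rule["dst_invert"]:
            dst_hit = not dst_hit  # the "!" in the destination field
        if dst_hit:
            return rule["action"]
    return "block"


# Constructed sample packets sent by a dmz-debi host.
SAMPLES = [
    ("tcp", "192.168.20.10", "203.0.113.10", 443),  # HTTPS to the internet
    ("tcp", "192.168.20.10", "203.0.113.10", 22),   # SSH to the internet
    ("udp", "192.168.20.10", "198.51.100.53", 53),  # DNS to an outside resolver
    ("tcp", "192.168.20.10", "192.168.10.5", 443),  # HTTPS to another private net
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(*pkt))
```

In this model the udp/53 sample is blocked along with everything else that is not tcp/80 or tcp/443, so name resolution for dmz-debi hosts would need its own rule.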


Firewall > Rules > pick the interface > click on the little "+" sign to add a rule ...
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Well, OPNsense does allow WAN-In, WAN-Out, LAN-In and LAN-Out rules (LAN, WAN are just common names, etc.). Other than traffic from the fw itself, why would I use a WAN-Out/LAN-Out rule?
Mini-pc N150 i226v x520, FREEDOM