@zaphanathpaneah said in pFsense cannot ping devices directly connected:
for example I want to prevent traffic from one subnet moving to another. I have 4.
Here is a simple example of locked down rules.
lockdown.jpg
Devices on this network cannot talk to any of my other networks, because all of my other networks are in RFC1918 space and there is a rule that blocks that access, while the rules above it allow what I want: ping the pfSense IP, ask the pfSense address on this network for DNS (I also allow this network to talk to my Pi-hole on another network for DNS), and ask pfSense for NTP. But they cannot talk to any other pfSense IP, be it for DNS, the webGUI, SSH or anything else, because of the specific "This Firewall" reject rule. This also prevents them from accessing the pfSense public WAN IP for anything. The last rule allows any-to-any traffic that has not been blocked above it.
The RFC1918 alias contains all of the RFC1918 space, so any of my current networks or future networks would all be in RFC1918 space. If I created a network outside RFC1918 space, then that any-any rule at the bottom for internet access would end up allowing that traffic.
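As an added illustration (this is not code from the forum post or from pfSense), the following Python models the rule order described above as a first-match evaluator, the way pf processes a pfSense interface ruleset: the narrow allows for ping, DNS and NTP sit on top, then the "This Firewall" reject, then the RFC1918 block, then the any-any pass for internet access. The addresses are assumptions chosen for the example: this LAN is 192.168.1.0/24 with pfSense at 192.168.1.1, a second pfSense interface at 192.168.3.1, a WAN address of 203.0.113.5 and the Pi-hole at 192.168.2.10. It also shows the caveat from the post: a destination inside a locally routed subnet that is not RFC1918 (100.64.0.5 here) falls through to the any-any rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional

# Assumed addresses for the example (not from the original post).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_GW = ipaddress.ip_address("192.168.1.1")      # pfSense address on this network
PIHOLE = ipaddress.ip_address("192.168.2.10")     # Pi-hole on another local network
# pfSense's built-in "This Firewall" alias: every address the box itself holds,
# including the WAN address.
THIS_FIREWALL = frozenset(
    ipaddress.ip_address(a) for a in ("192.168.1.1", "192.168.3.1", "203.0.113.5")
)
RFC1918 = tuple(
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
)


@dataclass(frozen=True)
class Rule:
    action: str                                        # "pass", "reject" or "block"
    protos: FrozenSet[str]                             # protocols matched; empty = any
    dst_match: Callable[[ipaddress.IPv4Address], bool]
    dport: Optional[int]                               # None = any destination port
    label: str

    def matches(self, proto: str, dst: ipaddress.IPv4Address, dport: Optional[int]) -> bool:
        if self.protos and proto not in self.protos:
            return False
        if self.dport is not None and dport != self.dport:
            return False
        return self.dst_match(dst)


ANY = frozenset()
TCP_UDP = frozenset({"tcp", "udp"})

# Rule order as described in the post; first match wins.
RULES = [
    Rule("pass", frozenset({"icmp"}), lambda d: d == LAN_GW, None, "ping pfSense on this net"),
    Rule("pass", TCP_UDP, lambda d: d == LAN_GW, 53, "DNS to pfSense on this net"),
    Rule("pass", TCP_UDP, lambda d: d == PIHOLE, 53, "DNS to Pi-hole on another net"),
    Rule("pass", frozenset({"udp"}), lambda d: d == LAN_GW, 123, "NTP to pfSense on this net"),
    Rule("reject", ANY, lambda d: d in THIS_FIREWALL, None, "reject everything else to This Firewall"),
    Rule("block", ANY, lambda d: any(d in n for n in RFC1918), None, "block to RFC1918 alias"),
    Rule("pass", ANY, lambda d: True, None, "allow internet (any any)"),
]


def evaluate(src: str, dst: str, proto: str, dport: Optional[int] = None):
    """Return (action, label) of the first rule that matches a new connection.

    Anything not matched by an explicit rule hits pfSense's implicit default deny.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in LAN_NET:
        return ("block", "implicit default deny (source not on this interface)")
    for rule in RULES:
        if rule.matches(proto, dst_ip, dport):
            return (rule.action, rule.label)
    return ("block", "implicit default deny")


if __name__ == "__main__":
    # Constructed sample flows from a LAN host (192.168.1.50).
    samples = [
        ("192.168.1.1", "icmp", None),    # ping pfSense: pass
        ("192.168.1.1", "udp", 53),       # DNS to pfSense: pass
        ("192.168.2.10", "udp", 53),      # DNS to Pi-hole: pass
        ("192.168.1.1", "tcp", 22),       # SSH to pfSense: reject (This Firewall)
        ("192.168.3.1", "udp", 53),       # DNS to another pfSense IP: reject
        ("203.0.113.5", "tcp", 443),      # webGUI via WAN IP: reject
        ("192.168.2.50", "tcp", 80),      # another local host: block (RFC1918)
        ("1.1.1.1", "udp", 53),           # internet: pass
        ("100.64.0.5", "tcp", 22),        # non-RFC1918 local subnet: pass (the gap)
    ]
    for dst, proto, port in samples:
        action, label = evaluate("192.168.1.50", dst, proto, port)
        print(f"{dst:>14} {proto:4} {str(port):>5} -> {action:6} ({label})")
```

Reading the output top to bottom shows why the ordering matters: moving the "This Firewall" reject above the DNS and NTP allows would cut off resolution, and moving the RFC1918 block above the Pi-hole allow would break cross-network DNS. The last sample is the post's own caveat made concrete: only an explicit rule covering that non-RFC1918 subnet would stop it.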