Deny all internal traffic but allow all internet traffic
-
What kind of rule would I want if I want to deny all traffic to any internal subnet but allow all traffic to the internet?
-
Create a block-all rule on the WAN interface...
-
OK, let me explain a little better.
I have my pfSense box with 6 NICs:
4 LAN and 2 WAN.
I want rules on each one of the LANs that specify it can only communicate with the internet and absolutely no other internal subnets of any kind.
-
So put a block entry on a LAN with the other LANs being blocked.
It's always easier and more secure to block all and then enter exceptions. Do that for your LANs. Block traffic from this LAN, allow traffic to internet.
Easy.
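
The per-LAN rule order suggested in the reply above, modelled as a first-match evaluator (an added example, not part of the original post and not pfSense's own code). The subnets, interface names and helper functions are constructed assumptions; the model relies on pfSense evaluating an interface's rules top-down with the first match winning and denying anything unmatched.

```python
import ipaddress

# Constructed sample addressing (the thread gives none).
LANS = {
    "LAN1": "192.168.10.0/24",
    "LAN2": "192.168.20.0/24",
    "LAN3": "192.168.30.0/24",
    "LAN4": "192.168.40.0/24",
}

def build_rules(iface, lans=LANS):
    """Ordered rules for one LAN tab: block every other LAN, then pass any."""
    rules = [("block", ipaddress.ip_network(net))
             for name, net in lans.items() if name != iface]
    rules.append(("pass", ipaddress.ip_network("0.0.0.0/0")))
    return rules

def evaluate(rules, dst):
    """First matching rule wins; nothing matching means default deny."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules:
        if addr in net:
            return action
    return "block"

def audit(rules_for, lans=LANS):
    """Return (source LAN, reachable LAN) pairs that the rules fail to isolate."""
    leaks = []
    for iface in lans:
        rules = rules_for(iface)
        for other, net in lans.items():
            if other == iface:
                continue
            first_host = next(ipaddress.ip_network(net).hosts())
            if evaluate(rules, str(first_host)) != "block":
                leaks.append((iface, other))
    return leaks

def misordered(iface):
    """Same rules with 'pass any' on top: the block entries are never reached."""
    return list(reversed(build_rules(iface)))

if __name__ == "__main__":
    print("correct order leaks:", audit(build_rules))
    print("pass-first order leaks:", len(audit(misordered)))
    # 203.0.113.10 is a documentation address standing in for an internet host.
    print("LAN1 -> internet:", evaluate(build_rules("LAN1"), "203.0.113.10"))
```

Adding a fifth subnet to `LANS` without a matching block entry on each existing LAN is the gap `audit` is meant to catch when it is fed the rules actually configured.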
-
Why not use VLAN???