Netgate Discussion Forum

    Allow only Internet (WAN)

      mbaechtold

      Hi

      I have a pfSense box up and running and would like to enable one interface (GUEST) for guest clients who can only access the internet (WAN).
      I already have LAN and DMZ configured.
      What rules are required to accomplish this? I tried to set destination to "WAN address" without any success.

      Greetings

      Martin

        tommyboy180

        If you already have a DMZ then use those rules as a template.

        -Tom Schaefer
        SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

        Please support pfBlocker | File Browser | Strikeback

          clarknova

          1. Create an alias with the LAN and DMZ subnets.
          2. Create a firewall rule on the GUEST interface to pass from GUEST subnet to NOT [alias].

          If your LAN and DMZ are both in private address space then you can just create your alias in step 1 to include all RFC1918 networks, which is something you should not be routing to the internet anyway.

          db

            mbaechtold

            clarknova, this sounds very promising, thank you for the hint.
            I will try it tomorrow and post back here.

            Martin

              mbaechtold

              The following rules on the interface GUEST worked for me:

              Block GUEST -> DMZ
              Block GUEST -> LAN
              Pass Guest -> *

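The two rule sets from this thread (block/block/pass from the last post, and clarknova's single pass to NOT [alias] with the alias holding all RFC1918 networks), compared under first-match evaluation with a default block. This is an added example, not code from the thread; the subnets, sample addresses and function names are constructed assumptions.

```python
import ipaddress

net = ipaddress.ip_network
# Constructed subnets for illustration; substitute your own.
LAN, DMZ, GUEST = net("192.168.1.0/24"), net("192.168.2.0/24"), net("192.168.3.0/24")
RFC1918 = [net("10.0.0.0/8"), net("172.16.0.0/12"), net("192.168.0.0/16")]
ANY = [net("0.0.0.0/0")]

# Rule format: (action, source networks, destination networks, invert destination)
BLOCK_THEN_PASS = [            # rules from the last post
    ("block", [GUEST], [DMZ], False),
    ("block", [GUEST], [LAN], False),
    ("pass", [GUEST], ANY, False),
]
PASS_NOT_ALIAS = [             # single rule: pass GUEST subnet to NOT [alias]
    ("pass", [GUEST], RFC1918, True),
]

# Constructed sample destinations as seen from a guest client.
SAMPLES = {
    "LAN host": "192.168.1.10",
    "DMZ host": "192.168.2.10",
    "internet host": "203.0.113.10",
    "private subnet added later": "10.20.0.5",
    "firewall GUEST address": "192.168.3.1",
}

def evaluate(rules, src, dst):
    """Return the action of the first matching rule; no match means block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_nets, dst_nets, invert in rules:
        src_hit = any(src in n for n in src_nets)
        dst_hit = any(dst in n for n in dst_nets) != invert
        if src_hit and dst_hit:
            return action
    return "block"

def compare(src="192.168.3.50"):
    """Map each sample to (block-then-pass result, pass-not-alias result)."""
    return {label: (evaluate(BLOCK_THEN_PASS, src, dst),
                    evaluate(PASS_NOT_ALIAS, src, dst))
            for label, dst in SAMPLES.items()}

if __name__ == "__main__":
    for label, (a, b) in compare().items():
        print(f"{label:28} block/block/pass={a:5}  pass-to-NOT-alias={b}")
```

In this model the two rule sets agree for LAN, DMZ and internet destinations and differ only for private destinations that are not listed explicitly, such as the firewall's own GUEST address or a private subnet added later.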