Netgate Discussion Forum
    How to Block DNS Requests from LAN Devices?

    Category: DHCP and DNS | 13 Posts, 4 Posters, 4.1k Views
    ptt (Rebel Alliance):

      Is pfSense the LAN users' DNS?

      Please post a screenshot of your FW LAN rules

    Nonsense:

        Yes (if I understand you correctly).  I have not created any rules that were not present in the default settings.

    ptt (Rebel Alliance):

      Please post a screenshot of your LAN firewall rules (you can attach the image under "additional options").

    ptt (Rebel Alliance):

      Just create a rule like the one in the attached screenshot, and put it above any "pass" rule.

      It is really difficult to help you without seeing your FW rules.

      [attachment: Block_Ext_DNS.PNG]

    ptt (Rebel Alliance):

      OK, the rule from my previous post should work; just make sure that it is above the "Default allow LAN to any" rule.

    Nonsense:

      Thanks, I'll give it a try.

    Nonsense:

      Oops! The rule appears to work, with one major problem: I am assigning fixed IPs to my client computers, so I must specify my pfSense router address in each client. The rule also appears to block this (local LAN) address and, as a result, my clients can't talk to the router! Is there a way I can make an exception to the rule so it does not block the pfSense router address?

                  :(

    johnpoz (Layer 8 Global Moderator):

      The rule posted would only block access to TCP/UDP 53 on addresses that are NOT your pfSense LAN address.

      It would not block access to your pfSense LAN address on 53, and your next default allow rule would then allow access to everything that is not on port 53.

      Setting static IPs on devices has nothing to do with anything.

      Post your LAN rule setup again, so we can see what you did wrong.

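    To make the ordering point above concrete, here is an added example that is not part of the thread and not pfSense code: a small first-match rule evaluator in Python that mimics how pfSense walks an interface's rules top to bottom (first matching rule wins, implicit deny if nothing matches). It models the rule ptt posted (block TCP/UDP to port 53 where the destination is NOT the pfSense LAN address, i.e. the "not" box ticked on Destination), the "Default allow LAN to any" rule, and the two ways it can go wrong in this thread: putting the block rule below the default allow, and forgetting the destination so the rule blocks port 53 to everything including pfSense. The LAN subnet, the pfSense address and the client/resolver addresses are assumptions chosen for illustration.

```python
"""Added example (not from the forum thread): a toy first-match evaluator that
mirrors how pfSense processes LAN rules, used to check the "block external
DNS" rule. All addresses below are assumptions for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN_NET = ip_network("192.168.1.0/24")       # assumed LAN subnet
PFSENSE_LAN_IP = ip_address("192.168.1.1")   # assumed pfSense LAN address


@dataclass(frozen=True)
class Flow:
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "pass" or "block"
    protos: tuple                   # e.g. ("tcp", "udp"); () means any protocol
    dst_host: Optional[str] = None  # None = any destination
    dst_invert: bool = False        # the "not" checkbox on Destination
    dports: tuple = ()              # () = any destination port

    def matches(self, f: Flow) -> bool:
        if ip_address(f.src) not in LAN_NET:   # LAN rules only see LAN sources
            return False
        if self.protos and f.proto not in self.protos:
            return False
        if self.dports and f.dport not in self.dports:
            return False
        if self.dst_host is not None:
            hit = ip_address(f.dst) == ip_address(self.dst_host)
            if hit == self.dst_invert:         # "not" flips the destination test
                return False
        return True


def evaluate(rules, f: Flow) -> str:
    """First matching rule decides; pfSense blocks anything no rule passes."""
    for r in rules:
        if r.matches(f):
            return r.action
    return "block"


# The rule from the thread: block 53 unless the destination is pfSense itself.
BLOCK_EXT_DNS = Rule("block", ("tcp", "udp"), dst_host=str(PFSENSE_LAN_IP),
                     dst_invert=True, dports=(53,))
# pfSense's stock "Default allow LAN to any" rule.
DEFAULT_ALLOW = Rule("pass", ())
# The mistake reported in the thread: destination left at "any".
BLOCK_ALL_53 = Rule("block", ("tcp", "udp"), dports=(53,))

CORRECT = [BLOCK_EXT_DNS, DEFAULT_ALLOW]       # block rule above the default allow
WRONG_ORDER = [DEFAULT_ALLOW, BLOCK_EXT_DNS]   # block rule never reached
MISSING_DEST = [BLOCK_ALL_53, DEFAULT_ALLOW]   # blocks DNS to pfSense too

# Constructed sample flows from one LAN client (assumed addresses).
SAMPLE_FLOWS = {
    "dns_to_pfsense": Flow("udp", "192.168.1.50", str(PFSENSE_LAN_IP), 53),
    "dns_to_8.8.8.8": Flow("udp", "192.168.1.50", "8.8.8.8", 53),
    "https_out": Flow("tcp", "192.168.1.50", "93.184.216.34", 443),
}


def decisions(rules) -> dict:
    """Return {flow name: action} for each sample flow under the given ruleset."""
    return {name: evaluate(rules, f) for name, f in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for label, rules in (("correct", CORRECT), ("wrong order", WRONG_ORDER),
                         ("missing destination", MISSING_DEST)):
        print(f"{label:20s} {decisions(rules)}")
```

    Running it shows the correct ordering passes DNS to pfSense and ordinary outbound traffic while blocking DNS to 8.8.8.8; the reversed order lets external DNS through because the default allow matches first; and the rule with no destination set blocks DNS to pfSense itself, which is exactly the symptom reported later in the thread. Note that a port-53 rule only catches plain DNS; it does not cover resolvers reached over other ports.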
    Nonsense:

      Ah, I tried the setup quickly early this morning when I was in a rush. I retried it and discovered that I had neglected to configure the "destination" changes in the rule this morning. It appears to be working now; I'll find out if it still works the next time I reboot pfSense. Thanks ptt and johnpoz.

                      :)

    ZPrime:

      @Nonsense wrote:

          "Ah, I tried the setup quickly early this morning when I was in a rush. I retried it and discovered that I had neglected to configure the "destination" changes in the rule this morning. It appears to be working now; I'll find out if it still works the next time I reboot pfSense. Thanks ptt and johnpoz. :)"

      Bad network admin. Fixed/hardcoded IPs on clients are bad juju. pfSense can do DHCP reservations; use them. DHCP makes your life much easier. Why do you want your life to be difficult? ;D

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.