Captive portal interface can access LAN side
- 
 I real am a new to this firewall problem. I search google and forum but I can't help myself out of this problem. 
 Captive portal and other function do well , my problem is users from cp side can access to all my LAN side after they successfully authenticated. They can access resourse of LAN. I tried to block , but I don't know what I'm doing. Please show me answer.Here is my configuration: WAN : 192.168.1.3 DHCP (address reservation) 
 LAN : https://192.168.1.4:7777 (same network with wan)
 CP: 192.168.10.1Firewall rule, I leave default to WAN and LAN . I put CP firewall like this : PASS > any > any > any > SAVE. (if I don't put pass rule , CP user can't access to internet) Thanks you. 
 *** This is terrible , I can't find the right answer. Help me please.
- 
 Your problem is that WAN and LAN use the same address range. Take a different IP address range for the LAN and then you can block CP traffic trying to get into that range. 
- 
 I'm sorry , that can't help. 
 I change my LAN ip to different network > 192.168.2.4 .
 Still CP side can access , pfsense WAN > 192.168.1.3 and LAN.I think i have to change some firewall rule. How to do firewall rule to access internet but not to other network from CP side? 
 sorry for my english
- 
 what about putting one more firewall rule on CP interface: 
 DENY > any > 192.168.1.0/24 > any > SAVEedit: put the rule before the "allow any any" one 
- 
 And push that new rule to the top of the list, so it gets precedence over any "allow all" rules. No need to apologize for your english. Edit: okay…seems that lsense was a bit faster with the edit ;)