Netgate Discussion Forum

    RFC1918

    Firewalling
    • Qinn

      0_1544025663346_00305e11-10a7-49f1-905d-5774bced97ab-image.png

      Hi there,
      I use the RFC alias above to reject access from a subnet to other private networks. After this rule there is the ipv4 pass this net to any rule.

      So far so good, well, what I don't understand is that I can access any node on the same subnet in my case 192.168.5.x (I would think the alias would also block access to nodes on the same subnet). The only one I cannot access is the firewall 192.168.5.1?

      Hardware: Intel(R) Celeron(R) J4125 CPU @ 2.00GHz 102 GB mSATA SSD (ZFS)
      Firmware: Latest-stable-pfSense CE (amd64)
      Packages: pfBlockerNG devel-beta (beta tester) - Avahi - Notes - Ntopng - PIMD/udpbroadcastrelay - Service Watchdog - System Patches

      • Grimson (Banned) @Qinn

        @qinn

        RTFM https://www.netgate.com/docs/pfsense/firewall/firewall-rule-troubleshooting.html#unfilterable-traffic

        • viragomann @Qinn

          @qinn said in RFC1918:

          I would think the alias would also block access to nodes on the same subnet

          You're right, indeed. But pfSense can only block packets which try to pass it. Packets between devices within the same subnet connected to a switch will not access pfSense.

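Added example, not part of the original posts and not pfSense code: a small Python model of the behaviour described in the reply above, showing which packets from a LAN host ever reach the firewall's rule list. The addresses, the rule list, the implicit default and the names `reaches_firewall` and `verdict` are assumptions constructed for illustration.

```python
import ipaddress

# Constructed values modelled on the thread: LAN 192.168.5.0/24, firewall at 192.168.5.1.
LAN = ipaddress.ip_network("192.168.5.0/24")
FIREWALL_IP = ipaddress.ip_address("192.168.5.1")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical first-match rule list for the LAN interface, in the order the
# first post describes: reject to the RFC1918 alias, then pass LAN net to any.
RULES = [
    ("reject", lambda src, dst: src in LAN and any(dst in n for n in RFC1918)),
    ("pass", lambda src, dst: src in LAN),
]


def reaches_firewall(dst):
    """True if a packet from a LAN host arrives on the firewall's interface.

    Hosts deliver on-link destinations directly through the switch or AP.
    Only packets addressed to the firewall itself, or to off-subnet
    destinations (sent via the default gateway), are seen by the firewall.
    """
    return dst == FIREWALL_IP or dst not in LAN


def verdict(src, dst):
    """Return 'unfiltered', or the action of the first matching rule."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not reaches_firewall(dst):
        return "unfiltered"  # never evaluated against RULES
    for action, match in RULES:
        if match(src, dst):
            return action
    return "block"  # assumed implicit default when no rule matches


if __name__ == "__main__":
    # Constructed sample destinations for a client at 192.168.5.20.
    for dst in ("192.168.5.30", "192.168.5.1", "192.168.10.5", "8.8.8.8"):
        print(f"192.168.5.20 -> {dst}: {verdict('192.168.5.20', dst)}")
```

The firewall's own LAN address falls inside the RFC1918 alias, so it is the one same-subnet destination the reject rule can match.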
          • Qinn

            You both are right, of course. Now I have blocked access between nodes on the same subnet using client isolation on the AP.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.