Doesn't block outgoing
I'm sure it must be something on my side, I'm sure I'm stupid, etc etc etc, and so on and so forth, nevertheless: outgoing LAN is not blocked.
1. I have a Synology.
2. I don't want it to go anywhere except for downloading from 1 usenet server.
3. Top firewall rules on LAN are as in zpic001. Rx = Rulex.
4. The rules in more detail:
A. Rule1: Allow SYNOLOGY (192.168.x.xx) out to router (NWRK_PFSENSE = 192.168.x.x, 127.0.0.1) on management ports 53, 123, 80, 443. The router is the DNS-forwarder (‘unbound’) for my whole LAN (no external DNS servers outside LAN allowed).
B. Rule2: BLOCK SYNOLOGY out to any other host (= the ‘!’ in front of NWRK_PFSENSE) for the above 4 management ports.
C. Rule3: Allow SYNOLOGY out to two specific usenet hosts (NO synology website or server is included in here, I triple-checked).
D. Rule4: Block SYNOLOGY out anywhere.
5. Nevertheless, the Synology is happily checking for updates. Pic zpic002.
6. My dear friends over @ Synology ("Made in Taiwan", not "Made in China", so to speak) are also wondering what is going on and asked me to do this from the Synology CLI: "curl https://update.synology.com/autoupdate/genRSS.php".
7. Not surprisingly, that went through very well too: Pic zpic003.
So it is not blocking anything, even though the block rules are the TOP most TOP rules. I even rebooted the box 57147 times to make sure there was no caching or anything whatever.
I'm sure, as always, I did something wrong, but what?
Thank you for any help.
Oh, I forgot, the latest of the greatest (version), of course, just to make sure.
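As an added illustration (not code from this thread, from pfSense, or from Synology), the four LAN rules as listed in the post can be written down as a first-match ruleset and evaluated against constructed packets. The addresses are placeholders because the post masks its real ones (192.168.x.xx); the alias names NWRK_PFSENSE and SYNOLOGY are taken from the post. It models only rule order, the port lists and the "!" negation in Rule2; it does not reproduce pfSense's interface direction semantics or its state table, so it shows what the listed rules say, not what pfSense does with them.

```python
# Constructed placeholders: the post masks the real addresses, so these are
# not the poster's network. Documentation ranges are used for external hosts.
SYNOLOGY = {"192.168.1.50"}
NWRK_PFSENSE = {"192.168.1.1", "127.0.0.1"}      # alias from the post: router + loopback
USENET_HOSTS = {"203.0.113.10", "203.0.113.11"}   # the "two specific usenet hosts"
MGMT_PORTS = {53, 123, 80, 443}                   # the four "management ports"


def _match_host(host, spec):
    """spec is None for 'any', or (set_of_addresses, negated).

    negated=True is the '!' in front of an alias: match every host NOT in the set.
    """
    if spec is None:
        return True
    addrs, negated = spec
    return (host in addrs) != negated


# (name, action, source spec, destination spec, destination ports or None for any)
# Order matters: pfSense evaluates interface rules top-down, first match wins.
RULES = [
    ("Rule1", "pass",  (SYNOLOGY, False), (NWRK_PFSENSE, False), MGMT_PORTS),
    ("Rule2", "block", (SYNOLOGY, False), (NWRK_PFSENSE, True),  MGMT_PORTS),
    ("Rule3", "pass",  (SYNOLOGY, False), (USENET_HOSTS, False), None),
    ("Rule4", "block", (SYNOLOGY, False), None,                  None),
]


def evaluate(src, dst, dport, rules=RULES):
    """Return (rule_name, action) for the first rule that matches a new connection.

    Falls back to ("default", "block"): pfSense denies traffic no rule matches.
    """
    for name, action, src_spec, dst_spec, ports in rules:
        if not _match_host(src, src_spec):
            continue
        if not _match_host(dst, dst_spec):
            continue
        if ports is not None and dport not in ports:
            continue
        return name, action
    return "default", "block"


def trace(src, dst, dport, rules=RULES):
    """Human-readable walk through the ruleset, useful when a rule 'does not fire'."""
    lines = []
    for name, action, src_spec, dst_spec, ports in rules:
        hit = (_match_host(src, src_spec) and _match_host(dst, dst_spec)
               and (ports is None or dport in ports))
        lines.append(f"{name:6} {action:5} {'MATCH' if hit else 'skip'}")
        if hit:
            break
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed external host standing in for update.synology.com on 443:
    # by the rules as written, Rule2 should block it before Rule3/Rule4 are reached.
    print(trace("192.168.1.50", "198.51.100.20", 443))
    print(evaluate("192.168.1.50", "192.168.1.1", 53))     # DNS to the router: Rule1 pass
    print(evaluate("192.168.1.50", "203.0.113.10", 563))   # usenet host: Rule3 pass
    print(evaluate("192.168.1.50", "198.51.100.20", 8080)) # anything else: Rule4 block
```

The `trace` output is the check a practitioner would do before blaming the firewall: if the packet you expect to be blocked matches a pass rule earlier in the list, or matches no rule at all, the ruleset is the problem; if it matches the block rule on paper but the connection still succeeds, look at how the rules are actually applied (interface, direction, existing states) rather than at the rule text.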
Firewall rules only block connections incoming to that interface. In order to block outgoing connections, you will need to set up a floating rule.
You should also read https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules especially the alternate causes section.
Thank you Sir ;D
However, if I block all, it does work. Pic 004 for example, that server does not go out anywhere.