Block access from LAN to WAN
-
Hello!
I hope someone can help me… In my rules for the LAN interface (192.168.68.0/24) I set up the last line to block LAN to any destination,
so I don't understand why I can access the WAN interface (192.168.0.0/24). Thanks in advance for your support!
bye
roberto
-
And did you clear your states when you created your new rule - and what is your rule exactly? Can you post it?
-
Hello John,
Thank you for your swift reply. Attached are my configuration rules.
-
You allow 80 and 443 above that - so that is not going to block the internet.
Rules are evaluated top down, first rule to trigger wins - no other rules are evaluated.
So while your last rule would block, say, access to 25 (SMTP), 22 (SSH), etc. etc., the VAST majority of the internet runs on 53 for DNS and 80/443 (HTTP/HTTPS), so what exactly is working that you think should not be working?
Your last rule is no different than the default deny that is on every interface, and logged by default - your rule would just prevent logging of anything blocked since none of your rules are set to log.
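
The first-match behaviour described in the reply above, as an added example that is not part of the thread: a small Python model of top-down rule evaluation on the LAN interface. The ruleset is constructed from the reply's description (the attached rules are not on the page), `FIXED_RULES` is a hypothetical reordering, and the sample flows are constructed; protocol matching is left out.

```python
import ipaddress

# Constructed ruleset modelled on the reply's description (the attachment
# is not on the page): pass 80/443 sits above a final block-any rule.
LAN_RULES = [
    {"action": "pass",  "dst": "any", "ports": {80, 443}},
    {"action": "block", "dst": "any", "ports": None},   # None = any port
]

# Hypothetical reordering: an explicit block for the WAN subnet placed first,
# so it triggers before the pass rule is ever reached.
FIXED_RULES = [{"action": "block", "dst": "192.168.0.0/24", "ports": None}] + LAN_RULES


def matches(rule, dst_ip, dst_port):
    """True if the rule's destination network and port set cover this flow."""
    if rule["dst"] != "any":
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(rule["dst"]):
            return False
    return rule["ports"] is None or dst_port in rule["ports"]


def evaluate(rules, dst_ip, dst_port):
    """Return (action, rule index) of the first rule that matches, top down."""
    for i, rule in enumerate(rules):
        if matches(rule, dst_ip, dst_port):
            return rule["action"], i      # first match wins, nothing below runs
    return "block", None                  # implicit default deny on the interface


def report(rules, flows):
    """Evaluate every flow and return (ip, port, action, rule index) tuples."""
    return [(ip, port, *evaluate(rules, ip, port)) for ip, port in flows]


# Constructed sample flows from a LAN host (192.168.68.0/24).
FLOWS = [("192.168.0.1", 443), ("192.168.0.1", 22), ("203.0.113.10", 80)]

if __name__ == "__main__":
    for name, rules in (("as posted", LAN_RULES), ("reordered", FIXED_RULES)):
        print(name)
        for ip, port, action, idx in report(rules, FLOWS):
            print(f"  {ip}:{port:<4} -> {action} (rule {idx})")
```

With the posted ordering, HTTPS to the WAN subnet is passed by rule 0 and the final block rule is never consulted for it; only the reordered list blocks that flow while still passing web traffic to other destinations.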