Block private networks - Block bogon networks



  • My WAN interface has the Block private networks… and Block bogon networks checked.
    My LAN interface, 192.168.1/24, and my WLAN interface, 192.168.2/24, do not have either checked.  Do I need to check these for my LAN and WLAN?  I couldn't find the correct answer in the forums.
    Thanks in advance.



  • This is the default configuration.  Do not check block private networks on for LAN or WLAN or you will no longer have access.
    Block private networks: blocks 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 subnets.
    Block bogon networks: blocks any unallocated IP subnets (pfSense pulls a fresh list Monthly).
    These options are designed to prevent someone from using private or bogon IP addresses on the WAN side.



  • @newUser2pfSense:

    My WAN interface has the Block private networks… and Block bogon networks checked.
    My LAN interface, 192.168.1/24, and my WLAN interface, 192.168.2/24, do not have either checked.  Do I need to check these for my LAN and WLAN?  I couldn't find the correct answer in the forums.
    Thanks in advance.

    You should not check it on your local networks (LAN and WLAN).
    If you don't need external access from WAN side (probably not, because this is not public accessible address), then check it on WAN interface. This will create rule on WAN interface blocking all incoming traffic to WAN interface (but will not interfere with your outgoing packets from LAN/WLAN).



  • Thanks to everyone that replied.  I appreciate it.  I now have my answer.



  • hi;
    in past versions this was the standard though to block these on the lan as well from 2.3 up i do think and seem to remember. is this a 2.4 base only change/from now on???