Change Default Rule for DEV Environment - stop internet access



  • Hi,

I have one pfSense with 4 interfaces:
    -PROD
    -LAB
    -DEV
    -WAN

For example, I want to block access from the DEV environment to the PROD environment.
    Actually, I have a simple rule (like the default): DEV to *
    But if I change "DEV to *" and replace it by "DEV to WAN", my Internet access stops on a DEV machine..
    I don't understand why.. It's really simple, I just want to be sure that DEV can't access PROD but only the Internet (WAN).

    Do you know why it's not working if I change this parameter?

Thank you



  • Add some block rules above your Allow DEV to * rule.  Block DEV to LAB.  Block DEV to LAN.  That's one way to do it.


  • Rebel Alliance Global Moderator

Dev to wan net or address would be just that: dev to whatever the wan net or address is.  That is not the internet, that is just the network your wan is connected to… Just like your lan net is say 192.168.1.0/24, your wan net might be say 1.2.3.0/21 or something

If you do not want dev to go to prod then block/reject dev to prod net above your default any any allow rule.

    Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.

    Keep in mind that any states that already exist would still be allowed...  So if say dev talked to box in prod, and then you added the block rule that dev box would still be able to use the session it had created before you put in the rule.  Unless you flush that state or close that connection on either of the devices so the state is closed on pfsense.

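The evaluation order the moderator describes (top down, first match wins, implicit default deny if nothing matches, existing states honoured before rules) can be simulated in a few lines. The following is an added example, not pfSense code and not posted by anyone in this thread; the subnets, hosts and rule names are constructed, and the "WAN net" here stands for the ISP-facing subnet only, which is exactly why "DEV to WAN net" does not cover the internet.

```python
import ipaddress

# Constructed sample addressing for this example; the thread gives no real subnets.
NETS = {
    "PROD net": ipaddress.ip_network("10.10.0.0/24"),
    "LAB net": ipaddress.ip_network("10.20.0.0/24"),
    "DEV net": ipaddress.ip_network("10.30.0.0/24"),
    # "WAN net" is only the subnet the WAN interface sits on, not the internet.
    "WAN net": ipaddress.ip_network("203.0.113.0/24"),
}

DEV_HOST = "10.30.0.15"        # a machine on DEV (constructed)
PROD_HOST = "10.10.0.8"        # a machine on PROD (constructed)
INTERNET_HOST = "198.51.100.7" # some host out on the internet (constructed)


def matches(selector, addr):
    """A selector is '*' (any) or one of the named networks above."""
    if selector == "*":
        return True
    return addr in NETS[selector]


def evaluate(rules, src, dst, states=frozenset()):
    """Return the action for src -> dst under a pfSense-style rule list.

    - An existing state for (src, dst) is honoured before any rule is read.
    - Rules are walked top down; the first match wins and evaluation stops.
    - No match falls through to the implicit default deny.
    """
    if (src, dst) in states:
        return "pass (existing state)"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_sel, dst_sel in rules:
        if matches(src_sel, s) and matches(dst_sel, d):
            return action
    return "block"


# 1. The starting point: DEV to * lets DEV reach PROD as well as the internet.
ORIGINAL = [("pass", "DEV net", "*")]

# 2. The attempted fix: DEV to WAN net only matches the WAN subnet itself.
WAN_ONLY = [("pass", "DEV net", "WAN net")]

# 3. The working fix: a block rule placed above the allow rule.
FIXED = [
    ("block", "DEV net", "PROD net"),
    ("pass", "DEV net", "*"),
]

# 4. The same two rules in the wrong order: the allow matches first,
#    so the block below it is never reached.
WRONG_ORDER = [
    ("pass", "DEV net", "*"),
    ("block", "DEV net", "PROD net"),
]


def summary():
    """Evaluate each rule set against the constructed hosts."""
    return {
        "original/prod": evaluate(ORIGINAL, DEV_HOST, PROD_HOST),
        "original/internet": evaluate(ORIGINAL, DEV_HOST, INTERNET_HOST),
        "wan_only/internet": evaluate(WAN_ONLY, DEV_HOST, INTERNET_HOST),
        "wan_only/wan_gateway": evaluate(WAN_ONLY, DEV_HOST, "203.0.113.1"),
        "fixed/prod": evaluate(FIXED, DEV_HOST, PROD_HOST),
        "fixed/internet": evaluate(FIXED, DEV_HOST, INTERNET_HOST),
        "wrong_order/prod": evaluate(WRONG_ORDER, DEV_HOST, PROD_HOST),
        # A session opened before the block rule existed keeps working
        # until its state is flushed or the connection is closed.
        "fixed/prod_with_old_state": evaluate(
            FIXED, DEV_HOST, PROD_HOST, states={(DEV_HOST, PROD_HOST)}
        ),
    }


if __name__ == "__main__":
    for key, action in summary().items():
        print(f"{key:28} -> {action}")
```

The "wan_only" cases show the original problem: a DEV host can still reach the WAN gateway address, but any internet destination falls off the end of the list and hits the default deny. The "wrong_order" case and the "old_state" case are the two caveats from the post above: rule order decides, and a state created before the block rule was added is not affected by it.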


  • Perfect, it's working with a block above my rule DEV to *!

Thank you very much  :)