4. Is this Right?

Is this Right?

  • X

    Please let me know if I got this right, or what could be done better. Here's what I'm trying to do:

    1. Block internet access for select devices on the LAN. I've created an alias for those devices (cls_NoInternet). Alternatively , I could create an alias of devices that need internet access and block all others (it doesn't matter to me which approach. whatever works best).

    2. Devices with internet access should only be able to access destinations in approved regions. Using pfBlockerNG, I've created an "Alias Permit" and the corresponding firewall rule below.

    3. Also using the DNSBL feature of pfBlockerNG with various block lists. So, I've created rules to block all port 53 requests except the pfSense DNS resolver.

    Here's what I've done (screenshot):

    0

  • Nope

    On the LAN interface your source would be LAN Net

    0
  • LAYER 8 Global Moderator

    Dest of lan net from lan is pointless..

    So you want your device on lan to only go to places that are in NAmerica.. Wow that is going to limit your internet ;)

    The only reason to change your source to any on lan would be if you have downstream networks using the lan as a transit.

    0
  • X

    Thank you. Does this look better?

    This particular network isn't for general internet browsing, so NA is fine for starters. I may tweak the allowed destinations over time, and or install snort.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy