Port 53 DNS LAN firewall rules



  • Hello!
    I've set up two LAN firewall DNS rules (Pass and Block) for port 53, but they are blocking access to my NAS. I've disabled them for now, but I would like to know if there is a way to allow access to the NAS when the rules are enabled. Any recommendations? Below are the DNS rules I added to my LAN interface for port 53; they are placed at the top of the LAN firewall rule list. Thanks in advance!

    Allow DNS to PfSense
    Action: Pass
    Interface: LAN
    Address Family: IPV4
    Protocol: UDP
    Source: Any
    Destination: Lan net
    Destination range: DNS (53)

    Block All other DNS
    Action: Block
    Interface: LAN
    Address Family: IPV4
    Protocol: UDP
    Source: Lan net
    Destination: Any
    Destination range: DNS (53)


  • LAYER 8 Netgate

    First, you should block both TCP and UDP if you want to block DNS.

    Second, those rules will not generally affect a NAS unless you need UDP 53 to it for some reason. You should probably look for another reason it is not working.



  • Hi Derelict. Thanks for taking the time to reply to my post. I will adjust the firewall rules to TCP and UDP. As of now I can only access the NAS if these two DNS firewall rules are disabled. I mostly have a default pfSense installation, with the exception that I've recently installed pfBlockerNG. I will keep researching what is causing the NAS access conflict if these firewall rules should not be the ones blocking access to my NAS in my network. Thanks for your help!


  • LAYER 8 Global Moderator

    DNS is not required to access your NAS, that is for sure. And blocking it on pfSense would have ZERO to do with accessing it from LAN, that is for sure as well.

    If you're blocking your access to DNS, then yeah you would be able to resolve its name. But you could just access it via IP.


  • LAYER 8

    Well, that would be the case only if you have the wrong DNS on your PC and you are trying to access the NAS using the hostname instead of the IP; otherwise there is no reason not to be able to access the NAS.


  • LAYER 8 Global Moderator

    He is prob the dyn dns name they give you that you can create at something.synology.me for example. And using nat reflection?



  • @johnpoz
    Thank you all for your replies. I fixed the NAS access issue by changing the FreeNAS primary nameserver to match the router's IP. The issue I have now is that pfBlockerNG is blocking my kids' PS4 access to Fortnite. I am assuming I can get around this by DNSBL whitelisting the Epic Games server and the PSN network's server? I will keep researching for an answer. Thank you!
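The two rules from the first post, walked through first-match evaluation, as an added example that is not part of any post in this thread. It shows why a host whose nameserver is outside the LAN loses DNS while one pointed at the router does not, and why a UDP-only block still lets TCP 53 out. The addresses, the helper names and the trailing default allow-LAN rule are assumptions.

```python
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")   # constructed LAN subnet
PFSENSE = "192.168.1.1"                  # constructed pfSense LAN address
NAS = "192.168.1.50"                     # constructed NAS address
EXTERNAL_DNS = "203.0.113.53"            # constructed resolver outside the LAN

def lan_rules(protos):
    """The thread's two rules, then an assumed default allow-LAN rule."""
    return [
        # (action, protocols, source net, destination net, destination port)
        ("pass", protos, None, LAN_NET, 53),             # Allow DNS to pfSense
        ("block", protos, LAN_NET, None, 53),            # Block all other DNS
        ("pass", {"tcp", "udp"}, LAN_NET, None, None),   # assumed default rule
    ]

def evaluate(rules, proto, src, dst, dport):
    """First match wins, top to bottom; block if nothing matches."""
    for action, protos, src_net, dst_net, port in rules:
        if proto not in protos:
            continue
        if src_net is not None and ip_address(src) not in src_net:
            continue
        if dst_net is not None and ip_address(dst) not in dst_net:
            continue
        if port is not None and port != dport:
            continue
        return action
    return "block"

def report(rules):
    """Verdicts for the DNS paths discussed in the thread."""
    return {
        "nas_udp_to_external": evaluate(rules, "udp", NAS, EXTERNAL_DNS, 53),
        "nas_udp_to_pfsense": evaluate(rules, "udp", NAS, PFSENSE, 53),
        "nas_tcp_to_external": evaluate(rules, "tcp", NAS, EXTERNAL_DNS, 53),
    }

AS_POSTED = report(lan_rules({"udp"}))            # UDP only, as first posted
TCP_AND_UDP = report(lan_rules({"tcp", "udp"}))   # after the suggested change

if __name__ == "__main__":
    for name, result in (("UDP only", AS_POSTED), ("TCP+UDP", TCP_AND_UDP)):
        print(name, result)
```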


  • LAYER 8 Global Moderator

    You might have better luck with such a question in the pfblocker section. Game servers and PSN servers could have a huge amount of domains that could be looked, so blocking x could cause something in the chain to fail, etc.

