1. Home
  2. pfSense Packages
  3. Cache/Proxy
  4. deny Internet connection for LAN

deny Internet connection for LAN

  • D

    Hello.
    I'm sorry for my English.

    Version 2.4.4-RELEASE-p3 (amd64)
    built on Wed May 15 18:53:44 EDT 2019
    FreeBSD 11.2-RELEASE-p10

    PfSense is my gateway and also it my proxy.

    I want to block access to Internet from my LAN PC.

    If I set only gateway on my network adapter (without proxy in my browser) then Internet is work.
    But if I set in my browser proxy - Internet doesn't work.

    How I can setting PfSense for deny Internet without proxy.

    0
  • KOM

    Remove the Default Allow LAN to any rule in your LAN firewall rules.

    0 D 1 Reply
  • D

    @KOM Sorry, I don't have this rule.

    If to remove a proxy from the browser, in Pf to stop squid - there is also no Internet.

    Help to understand, please, how correctly it is necessary to configure.
    I want to prohibit access to the Internet passing a proxy (squid).

    0
  • KOM

    @DimmKo said in deny Internet connection for LAN:

    Sorry, I don't have this rule.

    So you removed the rule manually? This rule is there by default for the first LAN interface.

    0 D 1 Reply
  • D

    @KOM said in deny Internet connection for LAN:

    So you removed the rule manually? This rule is there by default for the first LAN interface.

    Firewall -> Rules -> LAN
    If I correctly understand. There is not this rule.

    0
  • KOM

    Post a screenshot of your LAN rules.

    0 D 1 Reply
  • D

    @KOM Thank's fir your help.
    Tommorow I will add screenshot.

    0
  • KOM

    Here are my LAN rules, for example. I've highlighted the Default allow LAN to any rule at the bottom.

    Untitled.png

    0 D 1 Reply
  • D

    @KOM Hello.
    This is my screenshot form PfSense: Firewall -> Rules -> LAN.

    screenshot
    Sorry for big size.

    I can't past image into spoiler.(((

    0
  • KOM

    Wow, that's a LOT of rules for a LAN. Just to clarify, when you said "I want to block access to Internet from my LAN PC.", did you mean just your PC alone? And by "Internet", do you mean just http/s or ALL traffic of any type?

    If you want to block only your PC, then you need to add a block rule ABOVE any rules that permit tcp80,443 access. The Source would be your PC's IP address. The Destination would be any, ports would be http & https (one rule for each).

    0 D 1 Reply
  • D

    @KOM Thank you for your answer!
    I'm sorry for my long silent.
    Lock rule three times on top - .0.123 - but it don't work.

    0
  • KOM

    Go to Diagnostics - States and reset your states. Existing states are not affected by a block rule change.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy