Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    deny Internet connection for LAN

    Scheduled Pinned Locked Moved Cache/Proxy
    12 Posts 2 Posters 798 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DimmKo
      last edited by

      Hello.
      I'm sorry for my English.

      Version 2.4.4-RELEASE-p3 (amd64)
      built on Wed May 15 18:53:44 EDT 2019
      FreeBSD 11.2-RELEASE-p10

      PfSense is my gateway and also it my proxy.

      I want to block access to Internet from my LAN PC.

      If I set only gateway on my network adapter (without proxy in my browser) then Internet is work.
      But if I set in my browser proxy - Internet doesn't work.

      How I can setting PfSense for deny Internet without proxy.

      1 Reply Last reply Reply Quote 0
      • KOMK
        KOM
        last edited by KOM

        Remove the Default Allow LAN to any rule in your LAN firewall rules.

        D 1 Reply Last reply Reply Quote 0
        • D
          DimmKo @KOM
          last edited by DimmKo

          @KOM Sorry, I don't have this rule.

          If to remove a proxy from the browser, in Pf to stop squid - there is also no Internet.

          Help to understand, please, how correctly it is necessary to configure.
          I want to prohibit access to the Internet passing a proxy (squid).

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            @DimmKo said in deny Internet connection for LAN:

            Sorry, I don't have this rule.

            So you removed the rule manually? This rule is there by default for the first LAN interface.

            D 1 Reply Last reply Reply Quote 0
            • D
              DimmKo @KOM
              last edited by

              @KOM said in deny Internet connection for LAN:

              So you removed the rule manually? This rule is there by default for the first LAN interface.

              Firewall -> Rules -> LAN
              If I correctly understand. There is not this rule.

              1 Reply Last reply Reply Quote 0
              • KOMK
                KOM
                last edited by

                Post a screenshot of your LAN rules.

                D 1 Reply Last reply Reply Quote 0
                • D
                  DimmKo @KOM
                  last edited by

                  @KOM Thank's fir your help.
                  Tommorow I will add screenshot.

                  1 Reply Last reply Reply Quote 0
                  • KOMK
                    KOM
                    last edited by KOM

                    Here are my LAN rules, for example. I've highlighted the Default allow LAN to any rule at the bottom.

                    Untitled.png

                    D 1 Reply Last reply Reply Quote 0
                    • D
                      DimmKo @KOM
                      last edited by DimmKo

                      @KOM Hello.
                      This is my screenshot form PfSense: Firewall -> Rules -> LAN.

                      screenshot
                      Sorry for big size.

                      I can't past image into spoiler.(((

                      1 Reply Last reply Reply Quote 0
                      • KOMK
                        KOM
                        last edited by

                        Wow, that's a LOT of rules for a LAN. Just to clarify, when you said "I want to block access to Internet from my LAN PC.", did you mean just your PC alone? And by "Internet", do you mean just http/s or ALL traffic of any type?

                        If you want to block only your PC, then you need to add a block rule ABOVE any rules that permit tcp80,443 access. The Source would be your PC's IP address. The Destination would be any, ports would be http & https (one rule for each).

                        D 1 Reply Last reply Reply Quote 0
                        • D
                          DimmKo @KOM
                          last edited by

                          @KOM Thank you for your answer!
                          I'm sorry for my long silent.
                          Lock rule three times on top - .0.123 - but it don't work.

                          1 Reply Last reply Reply Quote 0
                          • KOMK
                            KOM
                            last edited by

                            Go to Diagnostics - States and reset your states. Existing states are not affected by a block rule change.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.