deny Internet connection for LAN



  • Hello.
    I'm sorry for my English.

    Version 2.4.4-RELEASE-p3 (amd64)
    built on Wed May 15 18:53:44 EDT 2019
    FreeBSD 11.2-RELEASE-p10

    PfSense is my gateway and it is also my proxy.

    I want to block access to the Internet from my LAN PC.

    If I set only the gateway on my network adapter (without a proxy in my browser), then the Internet works.
    But if I set a proxy in my browser, the Internet doesn't work.

    How can I set up PfSense to deny Internet access without the proxy?



  • Remove the Default Allow LAN to any rule in your LAN firewall rules.



  • @KOM Sorry, I don't have this rule.

    If I remove the proxy from the browser and stop squid in Pf, there is also no Internet.

    Please help me understand how to configure it correctly.
    I want to prohibit access to the Internet passing a proxy (squid).



  • @DimmKo said in deny Internet connection for LAN:

    Sorry, I don't have this rule.

    So you removed the rule manually? This rule is there by default for the first LAN interface.



  • @KOM said in deny Internet connection for LAN:

    So you removed the rule manually? This rule is there by default for the first LAN interface.

    Firewall -> Rules -> LAN
    If I understand correctly, this rule is not there.



  • Post a screenshot of your LAN rules.



  • @KOM Thanks for your help.
    Tomorrow I will add a screenshot.



  • Here are my LAN rules, for example. I've highlighted the Default allow LAN to any rule at the bottom.

    Untitled.png



  • @KOM Hello.
    This is my screenshot from PfSense: Firewall -> Rules -> LAN.

    screenshot
    Sorry for the big size.

    I can't paste the image into a spoiler.(((



  • Wow, that's a LOT of rules for a LAN. Just to clarify, when you said "I want to block access to Internet from my LAN PC.", did you mean just your PC alone? And by "Internet", do you mean just http/s or ALL traffic of any type?

    If you want to block only your PC, then you need to add a block rule ABOVE any rules that permit tcp80,443 access. The Source would be your PC's IP address. The Destination would be any, ports would be http & https (one rule for each).



  • @KOM Thank you for your answer!
    I'm sorry for my long silence.
    Lock rule three times on top - .0.123 - but it doesn't work.



  • Go to Diagnostics - States and reset your states. Existing states are not affected by a block rule change.


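
Added example (not from the thread and not pfSense code): a simplified Python model of the two behaviours the replies above rely on, top-down first-match rule evaluation and a state table that keeps passing already-established flows until the states are reset. The addresses, the rule set and the per-flow state key are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str        # "pass" or "block"
    src: str           # source network in CIDR form
    dports: frozenset  # destination ports (one rule here stands in for one per port)

    def matches(self, src_ip, dport):
        return ip_address(src_ip) in ip_network(self.src) and dport in self.dports

class Firewall:
    """Simplified stateful filter: rules are only consulted for NEW flows."""
    def __init__(self, rules):
        self.rules = list(rules)  # evaluated top-down, first match wins
        self.states = set()       # flows that were already allowed

    def packet(self, src_ip, dst_ip, dport):
        flow = (src_ip, dst_ip, dport)
        if flow in self.states:   # existing state: the ruleset is not re-evaluated
            return "pass"
        for rule in self.rules:
            if rule.matches(src_ip, dport):
                if rule.action == "pass":
                    self.states.add(flow)
                return rule.action
        return "block"            # nothing matched: default deny

    def reset_states(self):       # models Diagnostics - States - reset
        self.states.clear()

# Constructed sample values, not taken from the thread.
PC, WEB_A, WEB_B = "192.168.1.50", "203.0.113.10", "203.0.113.11"
ALLOW_WEB = Rule("pass", "192.168.1.0/24", frozenset({80, 443}))
BLOCK_PC = Rule("block", PC + "/32", frozenset({80, 443}))

def demo():
    fw, out = Firewall([ALLOW_WEB]), {}
    out["before"] = fw.packet(PC, WEB_A, 443)       # allowed, state created
    fw.rules = [ALLOW_WEB, BLOCK_PC]                # block placed BELOW the allow
    out["block_below"] = fw.packet(PC, WEB_A, 80)   # allow still matches first
    fw.rules = [BLOCK_PC, ALLOW_WEB]                # block moved ABOVE the allow
    out["old_flow"] = fw.packet(PC, WEB_A, 443)     # existing state still passes
    out["new_flow"] = fw.packet(PC, WEB_B, 443)     # new flow hits the block rule
    fw.reset_states()
    out["after_reset"] = fw.packet(PC, WEB_A, 443)  # old flow is now blocked too
    return out

if __name__ == "__main__":
    for step, verdict in demo().items():
        print(f"{step:12} {verdict}")
```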