LAN deny iplist inbound/outbound but pfsense itself allow outbound



  • I've been running pfBlocker for many years on all interfaces with a couple of IP blocklists set to deny inbound and outbound. It works perfectly with no issues, but now I need to add an IP list that no clients on the LAN are allowed to access but the pfSense box itself must be allowed to access. I can't figure out how to make that work. Adding another IP list will block inbound/outbound on the WAN as well, because I can't tell which interface the list should be applied on. Or am I missing something (you set up under General which interfaces all lists in pfBlocker should be applied on)?



  • The settings under Firewall / pfBlockerNG / IP are for Auto Rules creation.

    You can create an IP table with Alias type Action and use it with your own Firewall rules.



  • @RonpfS

    Ok, so I don't use pfblocker for this at all :)

    I created an alias with all the IP addresses I want to block.

    Under Firewall/Rules/LAN1 I created a rule:
    Reject
    LAN1
    IPv4
    Any

    Source Any
    Destination 'Single host or alias' 'my_alias'

    I placed the rule after the pfBlocker auto rules and it seems to be working, but the question is whether I did it correctly?

    Many thanks for the simple solution 👍
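
The rule placement discussed in this thread, as an added Python model that is not part of the original posts or of pfSense itself. It assumes rules on an interface tab are evaluated top-down, first match wins, on traffic entering that interface, and that traffic originated by the firewall is never inbound on LAN1; the addresses, the LAN1 allow-any rule and the names `Rule` and `evaluate` are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample alias contents (documentation ranges), not from the thread.
MY_ALIAS = (ip_network("203.0.113.0/24"), ip_network("198.51.100.7/32"))

@dataclass(frozen=True)
class Rule:
    action: str        # "pass" or "reject"
    iface: str         # interface tab the rule is defined on
    dst: tuple = ()    # destination networks; empty tuple means "any"

    def matches(self, iface, dst_ip):
        if iface != self.iface:
            return False
        return not self.dst or any(ip_address(dst_ip) in net for net in self.dst)

def evaluate(rules, ingress_iface, dst_ip):
    """Return the verdict for one new connection.

    ingress_iface is None for traffic generated by the firewall itself.
    """
    if ingress_iface is None:
        # Assumption: firewall-originated traffic never enters an interface,
        # so interface-tab rules are not consulted and it is allowed out.
        return "pass"
    for rule in rules:                  # top-down, first match wins
        if rule.matches(ingress_iface, dst_ip):
            return rule.action
    return "block"                      # implicit default deny

# Reject rule above the (assumed) LAN1 allow-any rule.
GOOD = [Rule("reject", "LAN1", MY_ALIAS), Rule("pass", "LAN1")]
# Same rules with the allow-any rule first: the reject is never reached.
MISORDERED = [Rule("pass", "LAN1"), Rule("reject", "LAN1", MY_ALIAS)]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("MISORDERED", MISORDERED)):
        print(name,
              "LAN client ->", evaluate(rules, "LAN1", "203.0.113.10"),
              "| firewall itself ->", evaluate(rules, None, "203.0.113.10"))
```

The `MISORDERED` case is the thing to check on the LAN1 tab: the reject rule only takes effect if no pass rule above it already matches the same traffic.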

