Multiple Networks, with a twist

  • Hey guys, happy to finally be a part of the community and the forum! Been running pfSense for a couple of years now, and love it! I'll try to TL;DR as I tend to ramble. I have a fully functioning pfSense network, with Pi-hole as my ONLY DNS server internally. All port 53 requests to outside are re-routed to it. I have just added another adapter to create a separate network, as I am unable to set up VLANs due to my environment. I want this network to ONLY have access to the outside world. I have created what I thought were the necessary rules, and it all works how I want internally, but I cannot get DNS resolution from Quad 1 outside, which is all I want. A "poor man's VLAN" as it were, with isolation to just the web. Could use some rules assistance!!

    Imgur pic here:

  • By default an interface or VLAN will have no rules; consequently all traffic will be blocked.
    If you put in an allow-any rule, it will implicitly allow access to the LAN as well, so you need to first explicitly block traffic going to LAN, then allow anything else.

    Deny SRC: NEW DST: LAN
    Allow SRC: NEW DST: Any

  • After some more research, yes, I came to the above conclusion. Apologies for the lazy post! Having said that, my solution was to INVERT MATCH on the Destination network and select LAN NET, which will block access to the main network. This is also a single-rule solution! Props to Lawrence Systems on that one :) Either way, thanks a bunch for the response.
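The two rule sets discussed in this thread (block-to-LAN then allow-any, versus a single allow rule with the destination inverted) can be checked against each other with a small model of how pfSense evaluates interface rules: first match wins, and a packet matching no rule is dropped. The script below is an added example, not code from the thread or from pfSense; the subnets (LAN 192.168.1.0/24, the new interface 192.168.2.0/24, and a hypothetical third internal subnet 192.168.3.0/24) are assumed for illustration. It also shows what the first reply warns about, an allow-any rule placed before the block rule, and one caveat worth knowing: "LAN net" is only the LAN interface's own subnet, so any other internal subnet is still reachable under both solutions unless it is blocked as well.

```python
"""Toy model of pfSense first-match firewall rule evaluation (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional

# Constructed addresses for the illustration (assumptions, not from the thread):
# LAN net, the new isolated interface ("NEW net"), and a third internal subnet.
LAN_NET = ip_network("192.168.1.0/24")
NEW_NET = ip_network("192.168.2.0/24")
OTHER_INTERNAL_NET = ip_network("192.168.3.0/24")


@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    src: Optional[IPv4Network]    # None means "any"
    dst: Optional[IPv4Network]    # None means "any"
    dst_invert: bool = False      # pfSense "Invert match" on the destination

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        if self.src is not None and src not in self.src:
            return False
        if self.dst is None:
            return True
        in_dst = dst in self.dst
        # Inverted match: the rule applies to every destination NOT in dst.
        return (not in_dst) if self.dst_invert else in_dst


def evaluate(rules: List[Rule], src: str, dst: str) -> str:
    """Interface rules in pfSense are first-match; no match means default deny."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return rule.action
    return "block"


# Rule sets for the NEW interface, top to bottom as they would appear in the GUI.
NAIVE = [Rule("pass", NEW_NET, None)]                      # allow any, nothing else
WRONG_ORDER = [Rule("pass", NEW_NET, None),                 # allow any first ...
               Rule("block", NEW_NET, LAN_NET)]             # ... block never reached
TWO_RULE = [Rule("block", NEW_NET, LAN_NET),                # first reply's answer
            Rule("pass", NEW_NET, None)]
INVERTED = [Rule("pass", NEW_NET, LAN_NET, dst_invert=True)]  # OP's single rule

# Constructed destinations: a LAN host, Quad1 DNS, and a host on another internal net.
DESTINATIONS: Dict[str, str] = {
    "lan_host": "192.168.1.20",
    "quad1_dns": "1.1.1.1",
    "other_internal": "192.168.3.5",
}
NEW_CLIENT = "192.168.2.10"


def decisions(rules: List[Rule]) -> Dict[str, str]:
    """Map each sample destination to the verdict for a client on NEW net."""
    return {name: evaluate(rules, NEW_CLIENT, dst) for name, dst in DESTINATIONS.items()}


if __name__ == "__main__":
    for label, rules in [("naive", NAIVE), ("wrong_order", WRONG_ORDER),
                         ("two_rule", TWO_RULE), ("inverted", INVERTED)]:
        print(f"{label:12s} {decisions(rules)}")
```

Running it shows that the two-rule and inverted-match rule sets give identical verdicts (LAN blocked, Quad1 allowed), that the allow-any-first ordering lets the LAN through exactly as the first reply says, and that a third internal subnet passes under every rule set because only "LAN net" was blocked.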
