Rule not applied on LAN
-
Hello
I have a set of rules on LAN (192.168.0.0/24)
LAN Address 50080, 80, 22 * * Anti-Lockout Rule
IPv4 * * * * * * none Default allow LAN to any rule
IPv6 * * * * * * none Default allow LAN to any rule
Just after anti-lockout I have
IPv4 TCP 192.168.0.21 * * 25 * none
But 192.168.0.21 can still telnet 192.168.0.8 on port 25.
Thanks for helping find what I'm missing
-
-
Since you're not passing through pfSense, those rules will have no effect. The rules apply to traffic between networks only and not at all on the local LAN.
-
OK
but the gateway is the firewall, so it should block?
So how can I block a specific host from specific traffic inside the LAN?
Thank you very much
-
The gateway only affects things that pass through it. On the local LAN traffic passes directly between the various devices and does not go through the gateway. All you can do on the local LAN is use firewalls on the various devices or some managed switches can control what devices can talk to others.
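The behaviour described in this answer, as an added example that is not part of the original post: a small model of which flows ever reach the pfSense LAN rules, using the thread's subnet and hosts. The firewall's LAN address (192.168.0.1), the "block" action on the port 25 rule, and the external address 203.0.113.25 are assumptions, since the thread does not give them.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")       # subnet from the thread
FW_LAN_ADDR = ipaddress.ip_address("192.168.0.1")  # assumed pfSense LAN address

# Simplified LAN-interface ruleset, first match wins: (action, proto, src, dst, ports).
# "*" means any. The "block" action on the port 25 rule is an assumption.
RULES = [
    ("pass", "tcp", "*", str(FW_LAN_ADDR), {22, 80, 50080}),  # anti-lockout rule
    ("block", "tcp", "192.168.0.21", "*", {25}),              # rule from the question
    ("pass", "*", "*", "*", None),                            # default allow LAN to any
]

def traverses_firewall(src, dst):
    """True if a packet from a LAN host is delivered to the pfSense LAN interface."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in LAN:
        raise ValueError("source is not a LAN host")
    # Same-subnet destinations are resolved with ARP and delivered by the switch.
    # Only the firewall's own address or off-subnet destinations reach pfSense.
    return dst_ip == FW_LAN_ADDR or dst_ip not in LAN

def _match(field, value):
    return field == "*" or field == value

def evaluate(src, dst, proto, port):
    """Return the verdict for a flow, or note that the firewall never sees it."""
    if not traverses_firewall(src, dst):
        return "not seen by firewall"
    for action, r_proto, r_src, r_dst, r_ports in RULES:
        if (_match(r_proto, proto) and _match(r_src, src) and _match(r_dst, dst)
                and (r_ports is None or port in r_ports)):
            return action
    return "block"  # implicit default deny when no rule matches

if __name__ == "__main__":
    flows = [
        ("192.168.0.21", "192.168.0.8", "tcp", 25),   # the telnet test from the thread
        ("192.168.0.21", "203.0.113.25", "tcp", 25),  # constructed off-LAN destination
        ("192.168.0.33", "203.0.113.25", "tcp", 25),  # constructed flow from another host
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
```
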
-
Many thanks
so
my host which is OpenVPN needs to be firewalled on the host itself... which can be compromised and then opens the LAN
-
VPNs are generally used to allow protected access to a LAN. You could run OpenVPN on a computer and use that computer's firewall to control what can access it. What are you doing that needs to be protected from others on the LAN?
BTW, for maximum security, it's a good idea to run a firewall on all computers. That's what I do here.
-
Yes
On the openvpn I will
On other machine (33), it will be a mess!