Rule not applied on LAN



  • Hello

    I have a set of rules on LAN (192.168.0.0/24)

        • LAN Address 50080 * * Anti-Lockout Rule
          80
          22
          IPv4 * * * * * * none Default allow LAN to any rule
          IPv6 * * * * * * none Default allow LAN to any rule

    Just after anti-lockout I have
    IPv4 TCP 192.168.0.21 * * 25 * none

    But 192.168.0.21 can still telnet 192.168.0.8 on port 25.

    Thanks for helping find what I'm missing



  • @StanthewiZZard

    Since you're not passing through pfSense, those rules will have no effect. The rules apply to traffic between networks only and not at all on the local LAN.



  • OK,
    but the gateway is the firewall, so it should block?

    So how can I block a specific host from specific traffic inside the LAN?

    Thank you very much



  • @StanthewiZZard

    The gateway only affects things that pass through it. On the local LAN traffic passes directly between the various devices and does not go through the gateway. All you can do on the local LAN is use firewalls on the various devices or some managed switches can control what devices can talk to others.
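
An added illustration of the point in the reply above (not part of any post, and not pfSense code): a small Python model of which packets from the LAN are ever handed to the firewall, evaluated first-match against the rule list quoted in the first post. The firewall LAN address `192.168.0.1`, the `block` action on the port-25 rule, and the off-LAN test address `203.0.113.25` are assumptions; protocol matching is left out for brevity.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")     # LAN subnet from the thread
FW_LAN_IP = ipaddress.ip_address("192.168.0.1")  # assumed pfSense LAN address

# Simplified model of the LAN rules in the thread, in order:
# (action, source, destination, destination ports; None = any port).
# "block" on the port-25 rule is an assumption; the post does not show the action.
RULES = [
    ("pass",  "0.0.0.0/0",       "192.168.0.1/32", {50080, 80, 22}),  # anti-lockout
    ("block", "192.168.0.21/32", "0.0.0.0/0",      {25}),
    ("pass",  "192.168.0.0/24",  "0.0.0.0/0",      None),  # default allow LAN to any
]

def reaches_firewall(src, dst):
    """True if a packet from LAN host src to dst is delivered to the firewall."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in LAN:
        return False       # only traffic entering on the LAN interface is modelled
    if dst == FW_LAN_IP:
        return True        # addressed to the firewall itself
    return dst not in LAN  # on-link destinations are reached directly via the switch

def verdict(src, dst, port):
    """First-match evaluation, or 'not filtered' when the firewall never sees the packet."""
    if not reaches_firewall(src, dst):
        return "not filtered"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst, ports in RULES:
        if (s in ipaddress.ip_network(rule_src)
                and d in ipaddress.ip_network(rule_dst)
                and (ports is None or port in ports)):
            return action
    return "block"         # implicit default deny when no rule matches

if __name__ == "__main__":
    for dst in ("192.168.0.8", "203.0.113.25"):  # same-subnet host vs. constructed off-LAN host
        print("192.168.0.21 ->", dst, "port 25:", verdict("192.168.0.21", dst, 25))
```

The same rule that has no effect on the connection to 192.168.0.8 does apply once 192.168.0.21 targets port 25 on a host outside 192.168.0.0/24, because only that traffic is sent to the gateway.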



  • Many thanks

    So my host, which is OpenVPN, needs to be firewalled on the host itself... which can be compromised and then opens the LAN



  • @StanthewiZZard

    VPNs are generally used to allow protected access to a LAN. You could run OpenVPN on a computer and use that computer's firewall to control what can access it. What are you doing that needs to be protected from others on the LAN?

    BTW, for maximum security, it's a good idea to run a firewall on all computers. That's what I do here.



  • Yes
    On the OpenVPN I will

    On the other machines (33), it will be a mess!

