How to block IP camera coms with Inet, but allow it to get NTP from PFSense
-
I'm sure this is crazy easy, but I'm having a brain fart.
Whats the best way to put a rule in that blocks an IP camera from communicating out on the Wan but allows it to talk to the NTP server on PFSense (192.168.0.1)?
-
An allow rule to pfsense address on the ntp port.. Above your block rule to any (internet)
For example
See my allow ntp rule there near the top.. And that rule at the bottom that allows internet, if you changed that to block/reject at the bottom of your rules then internet would be blocked.
or just removed it all together, since the default rule is deny..
Rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.
-
Thanks john! Thats exactly what I was looking for.
-
If you ever question your rules - just post them up.. Always happy to express my opinion on rule sets ;)