Blocking traffic from IP alias to (invert match) IP alias
-
Admittedly, I am a complete novice at pfSense and anything beyond basic networking you can do with a consumer router. So, I know this is why I can't get this to work. But, I'm hoping for a little guidance.
First, all my rules are on specific interfaces other than the rule I am trying to get working. My other rules are very basic rules allowing traffic on my main network to go anywhere, traffic on IOT to only get to the internet. That sort of thing. I have one rule under floating because it involves more than one interface.
Per my understanding, floating rules are processed first, so I'd think what I'm attempting should work...but see my first sentence. :-)
I have a group of 4 IP addresses in an alias. I have another group of 2 IP addresses in another alias. I set up a block rule, the first alias being the source, the second alias being the invert-match destination.
Shouldn't that block any traffic from the first alias to anywhere other than the IPs of the second alias?
I have confirmed and reconfirmed that these devices are indeed using the specified IP addresses.
Basically, the goal is to block internet to these devices but still allow them to print (printers are on the second IP alias).
Any advice?
Thanks!!!
-
@mattaton said in Blocking traffic from IP alias to (invert match) IP alias:
Per my understanding, floating rules are processed first, so I'd think what I'm attempting should work...but see my first sentence. :-)
This is only true if "Quick" is checked. See the docs for details:
https://docs.netgate.com/pfsense/en/latest/nat/process-order.html#floating-rules-notes
-
@viragomann I had quick on before and it still didn't work. I've changed other things since then too, so I'll give quick another shot and see if it works.
Thanks
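-
Added example (not part of the thread, and not pfSense code): a simplified Python model of pf rule evaluation showing why the floating block rule with an inverted destination only takes effect when "Quick" is checked. The addresses, the allow-all LAN rule and the helper names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (not from the thread).
RESTRICTED = frozenset({"192.168.1.50", "192.168.1.51",
                        "192.168.1.52", "192.168.1.53"})   # 4-address alias
PRINTERS = frozenset({"192.168.2.20", "192.168.2.21"})     # 2-address alias


@dataclass
class Rule:
    action: str                       # "pass" or "block"
    src: Optional[frozenset] = None   # None means "any"
    dst: Optional[frozenset] = None   # None means "any"
    invert_dst: bool = False          # "Invert match" on the destination
    quick: bool = False

    def matches(self, src: str, dst: str) -> bool:
        if self.src is not None and src not in self.src:
            return False
        if self.dst is None:
            return True
        # Inverted: match every destination that is NOT in the alias.
        return (dst in self.dst) != self.invert_dst


def evaluate(rules, src: str, dst: str) -> str:
    """pf semantics: the last matching rule wins, unless a matching
    rule is marked quick, which stops evaluation immediately."""
    verdict = "block"                 # default deny when nothing matches
    for rule in rules:
        if rule.matches(src, dst):
            verdict = rule.action
            if rule.quick:
                break
    return verdict


def ruleset(floating_quick: bool):
    """Floating rules are evaluated before interface rules."""
    floating = Rule("block", RESTRICTED, PRINTERS,
                    invert_dst=True, quick=floating_quick)
    # Assumed LAN rule: allow anything. Interface-tab rules are always quick.
    lan_allow_all = Rule("pass", quick=True)
    return [floating, lan_allow_all]
```

Without quick, the floating block matches first but the later allow-all interface rule overrides it, so the restricted devices still reach the internet.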