allowing internet access while blocking traffic between subnets
-
This post is deleted! -
@hescominsoon well, poop.. I must have been doing something wrong.. I finally set up the rules as I have done for years and then rebooted the firewall.. good to go.
-
@hescominsoon without you showing us what you had done, it's not possible for us to know what you might have been doing wrong.
But to be honest, inverted or ! rules are not how I would suggest you do it.
Allow what you want to the firewall: ICMP, DNS, etc. Then create a block rule with your RFC1918 alias, then below that an any-any rule.
Here is an example set of rules that prevents a VLAN/network from talking to any other RFC1918 networks and still allows internet.
! rules can work, and do, but there are some scenarios where they could be problematic; it's just better to set explicit rules. Much easier to read and understand from a quick glance at your rules as well.
The block to "This Firewall" prevents this VLAN from accessing the web GUI of pfSense on its WAN IP, which quite often is a public IP, and without that rule would be allowed via the any-any internet rule.
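As an added illustration of the rule order described in the reply above (example code written for this page, not from the post or from pfSense itself), the script below models pfSense's interface-rule evaluation just far enough to show why the order matters: rules are checked top to bottom on the ingress interface, the first match wins, and anything unmatched hits the implicit default block. The VLAN subnet, gateway address, WAN address, LAN subnet and the test packets are all constructed for the example; the "This Firewall" set and the RFC1918 alias stand in for the pfSense objects of the same name.

```python
"""First-match model of the rule order from the reply: allow what the
VLAN needs to the firewall, block "This Firewall" and the RFC1918 alias,
then the any-any internet rule. Addresses below are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for the example (not from the post).
VLAN_GW = ipaddress.ip_address("10.20.0.1")        # pfSense address on the locked-down VLAN
WAN_IP = ipaddress.ip_address("203.0.113.5")       # pfSense WAN address (documentation range)
LAN_GW = ipaddress.ip_address("192.168.1.1")       # pfSense address on another internal network

# "This Firewall" in pfSense means every address the box itself holds.
THIS_FIREWALL = {VLAN_GW, WAN_IP, LAN_GW}

# The RFC1918 alias from the post.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    proto: str = "any"
    dst: str = "any"            # "any", "this_firewall", "rfc1918" or a CIDR
    dport: Optional[int] = None
    note: str = ""


def _dst_matches(rule: Rule, dst) -> bool:
    if rule.dst == "any":
        return True
    if rule.dst == "this_firewall":
        return dst in THIS_FIREWALL
    if rule.dst == "rfc1918":
        return any(dst in net for net in RFC1918)
    return dst in ipaddress.ip_network(rule.dst)


def evaluate(rules, pkt: Packet) -> str:
    """Return the action of the first matching rule; no match is the default block."""
    dst = ipaddress.ip_address(pkt.dst)
    for rule in rules:
        if rule.proto != "any" and rule.proto != pkt.proto:
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        if not _dst_matches(rule, dst):
            continue
        return rule.action
    return "block"


# The order from the reply. Both block rules sit above the any-any rule.
SUGGESTED = [
    Rule("pass", "icmp", "this_firewall", note="ping the gateway"),
    Rule("pass", "udp", "this_firewall", 53, note="DNS to the resolver"),
    Rule("pass", "tcp", "this_firewall", 53, note="DNS over TCP"),
    Rule("block", "any", "this_firewall", note="no web GUI on any firewall IP, WAN included"),
    Rule("block", "any", "rfc1918", note="no other internal networks"),
    Rule("pass", "any", "any", note="internet"),
]

# Same rules with the any-any rule placed above the blocks: first match
# makes both block rules unreachable.
WRONG_ORDER = [SUGGESTED[0], SUGGESTED[1], SUGGESTED[2], SUGGESTED[5], SUGGESTED[3], SUGGESTED[4]]


def checks(rules) -> dict:
    """Evaluate a few constructed packets from a host on the VLAN."""
    src = "10.20.0.50"
    return {
        "dns_to_gateway": evaluate(rules, Packet(src, str(VLAN_GW), "udp", 53)),
        "ping_gateway": evaluate(rules, Packet(src, str(VLAN_GW), "icmp")),
        "internet_https": evaluate(rules, Packet(src, "198.51.100.20", "tcp", 443)),
        "lan_host_ssh": evaluate(rules, Packet(src, "192.168.1.10", "tcp", 22)),
        "gui_on_wan_ip": evaluate(rules, Packet(src, str(WAN_IP), "tcp", 443)),
        "gui_on_vlan_ip": evaluate(rules, Packet(src, str(VLAN_GW), "tcp", 443)),
    }


if __name__ == "__main__":
    for name, rules in (("suggested", SUGGESTED), ("wrong order", WRONG_ORDER)):
        print(name, checks(rules))
```

With the suggested order, DNS and ping to the gateway pass, internet passes, and the LAN host and the GUI on both the WAN and VLAN addresses are blocked. Moving the any-any rule above the blocks lets every packet through, which is the same failure an inverted rule can produce when it does not match the way the author assumed.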