Netgate Discussion Forum

    Help with setting firewall rules correctly

      n1md4

      Please can someone help with some rules that aren't working the way I expect.

      I have 2 networks. One network should only be able to communicate with its own network, and otherwise block all other incoming traffic. The other should be able to communicate with everything (the internet), but block any other LAN traffic. Here are the rules:

      WLAN10
      block ipv4+6 * source: rfc1918 addresses port: * destination: wlan10 net port: *

      WLAN40
      pass ipv4+6 * source: wlan40 net port: * destination: * port: *
      block ipv4+6 * source: rfc1918 addresses port: * destination: wlan10 net port: *

      But, when connected to the WLAN40 network I am able to ping across to the WLAN10 network. Why is an RFC1918 address able to do that?

      SteveITS @n1md4

        @n1md4 rules apply to traffic arriving on the interface. They also apply in order.

        So on WLAN40 you probably want to:
        Block from WLAN40 Net to WLAN10 Net
        Allow from WLAN40 Net to any

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!
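To make the reply's point concrete (rules are evaluated only on the interface where the packet arrives, and the first matching rule wins), here is an added example that is not part of the thread: a small first-match simulator run against the poster's ordering and the suggested ordering. The subnets for WLAN10 and WLAN40 and the test addresses are constructed, since the thread names none.

```python
from ipaddress import ip_network, ip_address

# Constructed addressing (assumption): the thread does not give the real subnets.
WLAN10_NET = ip_network("192.168.10.0/24")
WLAN40_NET = ip_network("192.168.40.0/24")
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ip_network("0.0.0.0/0")]

def in_any(addr, nets):
    return any(ip_address(addr) in n for n in nets)

def evaluate(rulesets, iface, src, dst):
    """First-match evaluation of the rules bound to the arriving interface.
    Rules on other interfaces never see this packet, which is why the block
    rule on WLAN10 does nothing for traffic entering on WLAN40."""
    for action, src_nets, dst_nets in rulesets.get(iface, []):
        if in_any(src, src_nets) and in_any(dst, dst_nets):
            return action
    return "block"  # default deny when no rule matches

# The poster's ordering: pass-to-any sits above the RFC1918 block.
ORIGINAL = {
    "WLAN10": [("block", RFC1918, [WLAN10_NET])],
    "WLAN40": [("pass", [WLAN40_NET], ANY),
               ("block", RFC1918, [WLAN10_NET])],
}

# The ordering suggested in the reply: block WLAN40->WLAN10 first, then allow to any.
CORRECTED = {
    "WLAN10": [("block", RFC1918, [WLAN10_NET])],
    "WLAN40": [("block", [WLAN40_NET], [WLAN10_NET]),
               ("pass", [WLAN40_NET], ANY)],
}

def wlan40_to_wlan10(rulesets):
    # A WLAN40 host pinging a WLAN10 host; the packet arrives on WLAN40.
    return evaluate(rulesets, "WLAN40", "192.168.40.25", "192.168.10.5")

def wlan40_to_internet(rulesets):
    # Same host reaching a public address (203.0.113.0/24 is documentation space).
    return evaluate(rulesets, "WLAN40", "192.168.40.25", "203.0.113.9")

if __name__ == "__main__":
    for name, rs in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(f"{name}: WLAN40->WLAN10 {wlan40_to_wlan10(rs)}, "
              f"WLAN40->internet {wlan40_to_internet(rs)}")
```

With the original ordering the pass rule matches the ping first, so the later RFC1918 block never runs; with the corrected ordering the ping is blocked while internet traffic still passes.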
