Allow only Internet (WAN)
I have a pfSense box up and running and would like to enable one interface (GUEST) for guest clients who can only access the internet (WAN).
I already have LAN and DMZ configured.
What rules are required to accomplish this? I tried to set destination to "WAN address" without any success.
If you already have a DMZ then use those rules as a template.
1. Create an alias with the LAN and DMZ subnets.
2. Create a firewall rule on the GUEST interface to pass from GUEST subnet to NOT [alias].
If your LAN and DMZ are both in private address space then you can just create your alias in step 1 to include all RFC1918 networks, which is something you should not be routing to the internet anyway.
clarknova, this sounds very promising, thank you for the hint.
I will try it tomorrow and post back here.
The following rules on the interface GUEST worked for me:
Block GUEST -> DMZ
Block GUEST -> LAN
Pass Guest -> *
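
The rule sets discussed in this thread, modelled as an added example that is not part of any post above: a small first-match evaluator compares the "WAN address" attempt, the single pass-to-NOT-alias rule, and the block/block/pass set. All subnets and addresses are constructed assumptions, and the evaluator only models destination matching for traffic sourced from the GUEST subnet.

```python
import ipaddress

# Constructed addressing plan (assumptions, not taken from the thread).
ALIASES = {
    "LAN": ["192.168.1.0/24"],
    "DMZ": ["192.168.20.0/24"],
    "RFC1918": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "WAN address": ["203.0.113.2/32"],  # the firewall's own WAN IP, nothing else
    "*": ["0.0.0.0/0"],
}

def in_alias(dst, name):
    """True when dst falls inside any network of the named alias."""
    ip = ipaddress.ip_address(dst)
    return any(ip in ipaddress.ip_network(net) for net in ALIASES[name])

def evaluate(rules, dst):
    """First matching rule wins; no match falls through to the default deny."""
    for action, negate, alias in rules:
        if in_alias(dst, alias) != negate:
            return action
    return "block"

# Each rule: (action, negate destination?, destination alias).
WAN_ADDRESS_ATTEMPT = [("pass", False, "WAN address")]
NOT_ALIAS = [("pass", True, "RFC1918")]
BLOCK_THEN_PASS = [
    ("block", False, "DMZ"),
    ("block", False, "LAN"),
    ("pass", False, "*"),
]

# Constructed destinations a guest client might try to reach.
SAMPLES = {
    "internet host": "198.51.100.10",
    "LAN host": "192.168.1.50",
    "DMZ host": "192.168.20.5",
    "firewall WAN IP": "203.0.113.2",
    "firewall GUEST IP": "192.168.30.1",  # e.g. DNS served by the firewall
}

def decisions(rules):
    """Map each sample destination to the action the rule set yields."""
    return {label: evaluate(rules, dst) for label, dst in SAMPLES.items()}

if __name__ == "__main__":
    for name in ("WAN_ADDRESS_ATTEMPT", "NOT_ALIAS", "BLOCK_THEN_PASS"):
        print(name, decisions(globals()[name]))
```

In this model the two working rule sets differ on the firewall's own addresses: the RFC1918 alias also blocks the GUEST interface IP, while the block/block/pass set leaves both firewall addresses reachable from GUEST.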