<![CDATA[Despite WAN-blocking firewall rule, machine can still resolve hostnames? [FIXED]]]>Hello all,

Despite the following firewall rule which SHOULD block all WAN access to this IP, it's still able to resolve hostnames to IPs.  Surely DNS traffic is included in this rule which is set up to block all protocols, ports and destinations from one IP on the LAN.


Proto    Source         Dest    Port     G/W    Sched
 *  	 192.168.2.1  	 *  	 *  	 *  	 *

Wite this rule in place, the machine can not ping any IPs, load websites etc, but it CAN resolve a hostname to an IP…

E.g:


C:\Documents and Settings\Dave>ping -t google.fr

Pinging google.fr [216.239.59.104] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 216.239.59.104:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Why is this? (The address is definately not cached anywhere…)

Cheers,
Dave
pfsense.jpg
pfsense.jpg_thumb

]]>https://forum.netgate.com/topic/5256/despite-wan-blocking-firewall-rule-machine-can-still-resolve-hostnames-fixedRSS for NodeMon, 13 Apr 2026 02:49:50 GMTSat, 21 Jul 2007 20:53:34 GMT60<![CDATA[Reply to Despite WAN-blocking firewall rule, machine can still resolve hostnames? [FIXED] on Sat, 21 Jul 2007 21:10:24 GMT]]>Ahh it was something simple then, thanks :D

Cheers again,
Dave

PS. Thanks for the prompt and knowledgable replies you lot =)

]]>https://forum.netgate.com/post/157859https://forum.netgate.com/post/157859Sat, 21 Jul 2007 21:10:24 GMT<![CDATA[Reply to Despite WAN-blocking firewall rule, machine can still resolve hostnames? [FIXED] on Sat, 21 Jul 2007 20:59:33 GMT]]>Turn off the DNS Forwarder.

]]>https://forum.netgate.com/post/157858https://forum.netgate.com/post/157858Sat, 21 Jul 2007 20:59:33 GMT