How to block webgui from wifi client?



  • Setup

    modem–router (192.168.1.1) --pfsense (wan=192.168.1.10 lan=192.168.3.1) --opt1(192.168.4.1) --wifi client(192.168.4.10)

    Rules
    wan accept any
    lan accept any
    opt1 block dest 192.168.0.0/24
    opt1 accept any

    I want to access webgui from 192.168.1.0/24. With this setup my wifi client is able to access 192.168.1.0/24. How do I limit access to allow only internet traffic?



  • opt1 block dest 192.168.0.0/24

    With this setup my wifi client is able to access 192.168.1.0/24

    So block the correct subnet!

    Add an allow rule on OPT1:

    
    ID  Proto  Source  Port  Destination      Port  Gateway  Queue  Schedule  Description
        *      *       *     !192.168.1.0/24  *     *        none
    
    

    And it will be done.



  • Thank you for your help. There is a typo; my block rule is 192.168.0.0/16. Sorry for the confusion.

    I did add the block rule 192.168.1.0/24 as you suggested and again it did not produce the expected result.

    What I left out in the details is that I have Squid proxy on OPT1 and it turns out that is the source of the problem. Strange thing is webgui via lan port is blocked for wifi clients as expected. Any ideas?



  • I have to be sorry also. In my rule there is also a typo.

    The rule I suggested should allow all traffic on OPT1 except with destination to your LAN net. So you have to use your LAN net there, 192.168.3.0/24 instead of 192.168.1.0/24.
    Note: Enter LAN net at destination and check "not" above to invert this.
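
The OPT1 rule lists discussed in this thread, run through a small first-match evaluator to show which destinations each one lets a wifi client reach. This is an added example, not part of any post and not pfSense code: `Rule`, `evaluate` and `decisions` are hypothetical names, and 203.0.113.5 is a constructed internet address. It models only the interface rule list, not traffic relayed by Squid.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str            # "pass" or "block"
    dest: str              # destination CIDR, or "any"
    negate: bool = False   # the "not" checkbox on the destination

    def matches(self, dst_ip):
        if self.dest == "any":
            hit = True
        else:
            hit = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dest)
        return hit != self.negate

def evaluate(rules, dst_ip):
    """Rules are read top down, first match wins; no match is the default deny."""
    for rule in rules:
        if rule.matches(dst_ip):
            return rule.action
    return "block"

# Rule lists on OPT1, taken from the posts in the thread.
AS_POSTED = [Rule("block", "192.168.0.0/24"), Rule("pass", "any")]
WITH_16 = [Rule("block", "192.168.0.0/16"), Rule("pass", "any")]
NOT_LAN = [Rule("pass", "192.168.3.0/24", negate=True)]

# Destinations from the thread, plus one constructed internet address.
DESTS = {
    "modem-router": "192.168.1.1",
    "pfSense WAN": "192.168.1.10",
    "pfSense LAN": "192.168.3.1",
    "pfSense OPT1": "192.168.4.1",
    "internet": "203.0.113.5",  # constructed (documentation range)
}

def decisions(rules):
    """Map each destination name to the action the rule list yields for it."""
    return {name: evaluate(rules, ip) for name, ip in DESTS.items()}

if __name__ == "__main__":
    for label, rules in [("as posted", AS_POSTED), ("/16 block", WITH_16),
                         ("pass !LAN net", NOT_LAN)]:
        print(f"{label:14}", decisions(rules))
```

The output shows which firewall addresses each rule list still passes from OPT1, including the WAN and OPT1 addresses that a rule naming only the LAN net does not cover.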