Netgate Discussion Forum
    Need help with a Rule

    Firewalling
    2 Posts 2 Posters 548 Views
    rnexussix

      I am trying to restrict access to anything beyond the LAN interface for a group of clients. However, when I create a LAN rule that denies network access from LAN to WAN for all protocols, the hosts in the group also lose the ability to ping the LAN interface. Since that interface is also the default gateway for these hosts, that is somewhat of a problem.

      What am I doing wrong, and how can I fix that?

    dew67

        Firewall rules are processed in the order you see them, and as soon as one rule matches, no further rules are used. You can insert a rule just before your deny rule that allows ping to the LAN interface. The rule would look something like this:

        Proto: IPv4 ICMP | Source: LAN net | Port: * | Destination: LAN Address | Port: * | Gateway: * | Queue: none | Description: Allow all LAN devices to ping LAN interface
        << your deny rule here >>

        Ping from the LAN network to the LAN interface would succeed based on the first rule, then all other protocols from your subset of users would be blocked.

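The first-match behaviour the reply relies on, as an added worked example that is not code from the thread or from pfSense itself. It is a small simulator of a pfSense-style LAN rule set: the ICMP allow for "LAN net -> LAN address" placed before a catch-all deny, and the same two rules in the opposite order, which reproduces the original poster's symptom. The subnet 192.168.1.0/24, the gateway 192.168.1.1, the "restricted" host alias and the assumption that the deny rule's destination is "any" are all chosen for the demo, not taken from the thread.

```python
"""First-match evaluation of a pfSense-style LAN rule set.

Added example, not code from the forum post or from pfSense. pfSense writes
interface rules as pf "quick" rules, so the first rule that matches a packet
decides its fate and nothing below it is consulted. Addresses, the
"restricted" alias and the shape of the deny rule are assumptions for the demo.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional, Set, Union

ANY = "*"

LAN_NET: IPv4Network = ip_network("192.168.1.0/24")     # assumed LAN subnet
LAN_ADDRESS: IPv4Address = ip_address("192.168.1.1")    # assumed LAN interface = default gateway
RESTRICTED: Set[IPv4Address] = {                         # assumed alias for the restricted group
    ip_address("192.168.1.50"),
    ip_address("192.168.1.51"),
}

AddrSpec = Union[str, IPv4Address, IPv4Network, Set[IPv4Address]]


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: str                      # "icmp", "tcp" or "udp"
    dport: Optional[int] = None     # destination port, None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                     # "pass" or "block"
    proto: str                      # "icmp", "tcp", "udp" or "*"
    src: AddrSpec                   # network, single address, alias (set) or "*"
    dst: AddrSpec
    dport: Union[str, int] = ANY
    description: str = ""


def _match_addr(spec: AddrSpec, addr: IPv4Address) -> bool:
    """Match one address against a rule's source/destination column."""
    if isinstance(spec, str):
        return spec == ANY
    if isinstance(spec, (set, IPv4Network)):
        return addr in spec
    return addr == spec


def matches(rule: Rule, pkt: Packet) -> bool:
    proto_ok = rule.proto == ANY or rule.proto == pkt.proto
    port_ok = rule.dport == ANY or rule.dport == pkt.dport
    return (proto_ok and port_ok
            and _match_addr(rule.src, pkt.src)
            and _match_addr(rule.dst, pkt.dst))


def evaluate(rules, pkt: Packet, default: str = "block"):
    """First match wins; if no rule matches, pfSense's implicit default deny applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.description
    return default, "implicit default deny"


# The rule rows, in the two orders under discussion.
ALLOW_PING_LAN = Rule("pass", "icmp", LAN_NET, LAN_ADDRESS,
                      description="Allow all LAN devices to ping LAN interface")
DENY_RESTRICTED = Rule("block", ANY, RESTRICTED, ANY,
                       description="Block restricted group from everything (assumed dst = any)")
DEFAULT_LAN_PASS = Rule("pass", ANY, LAN_NET, ANY,
                        description="Default allow LAN to any")

FIXED_ORDER = [ALLOW_PING_LAN, DENY_RESTRICTED, DEFAULT_LAN_PASS]   # what the reply suggests
BROKEN_ORDER = [DENY_RESTRICTED, ALLOW_PING_LAN, DEFAULT_LAN_PASS]  # deny first: ping never reaches the allow


def decide(rules, src: str, dst: str, proto: str, dport: Optional[int] = None) -> str:
    """Return 'pass' or 'block' for one packet under the given rule order."""
    return evaluate(rules, Packet(ip_address(src), ip_address(dst), proto, dport))[0]


if __name__ == "__main__":
    cases = [("192.168.1.50", "192.168.1.1", "icmp", None),        # restricted host pings gateway
             ("192.168.1.50", "93.184.216.34", "tcp", 443),        # restricted host to the internet
             ("192.168.1.20", "93.184.216.34", "tcp", 443)]        # unrestricted host to the internet
    for name, rules in (("fixed", FIXED_ORDER), ("broken", BROKEN_ORDER)):
        for src, dst, proto, dport in cases:
            action, why = evaluate(rules, Packet(ip_address(src), ip_address(dst), proto, dport))
            print(f"{name:6} {src:>14} -> {dst:<14} {proto:4} {action:5} ({why})")
```

The model mirrors how the rule table is read top to bottom: with the ICMP allow above the deny, a restricted host's ping to 192.168.1.1 passes while its other traffic is blocked; with the deny on top, the same ping is blocked and the allow below is never reached. Two tightenings worth considering on the real firewall, both beyond what the reply shows: set the allow rule's source to the restricted alias rather than the whole LAN net if only that group needs the exception, and narrow the ICMP rule to echo request in the rule's ICMP subtype selector rather than allowing every ICMP type.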
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.