To block or not block private networks and about gateways



  • You know the option on the WAN connection for blocking private networks?

    I'm running pfSense virtually with VirtualBox and my physical router is what it's getting the gateway from. So to me it would make sense to uncheck that, but also hovering in my mind is, could this allow something through that gateway that is undesirable? I am still able to get internet either way. Just curious.



  • If there are no other rules on WAN then it makes no difference - the default unseen "block all" rule stops incoming connection attempts anyway.
    From the LAN side, you can access things in that in-between WAN subnet because the state is initiated from the LAN side, so whatever WAN rules you have or do not have makes no difference.
    It is only if you want some device to access from the in-between WAN subnet to pfSense (e.g. for diagnostic purposes) that you have to uncheck "block private networks" and then add rule/s to allow access.
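The three cases in the answer above, as an added example that is not part of the original thread: a simplified Python model of how a packet arriving on WAN is evaluated, not pfSense's own code. The addresses are constructed (192.168.1.0/24 as the in-between subnet, 10.10.10.5 as a LAN host), NAT is ignored, and only the RFC 1918 ranges are modelled for the checkbox.

```python
import ipaddress

# Assumption: only the RFC 1918 ranges are modelled for "block private networks".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class WanFilter:
    """Toy model of inbound filtering on WAN (hypothetical class, NAT ignored)."""

    def __init__(self, block_private, pass_rules=()):
        self.block_private = block_private
        # User-added WAN pass rules, reduced to "allowed source networks".
        self.pass_rules = [ipaddress.ip_network(n) for n in pass_rules]
        self.states = set()  # (lan_host, remote_host) pairs opened from LAN

    def lan_connect(self, lan_host, remote_host):
        """A connection initiated from LAN creates a state entry."""
        self.states.add((lan_host, remote_host))

    def wan_inbound(self, src, dst):
        """Return (verdict, reason) for a packet arriving on WAN."""
        # 1. Replies to LAN-initiated connections match existing state,
        #    so WAN rules are never consulted for them.
        if (dst, src) in self.states:
            return ("pass", "state")
        addr = ipaddress.ip_address(src)
        # 2. The checkbox acts as a block rule ahead of any user rule.
        if self.block_private and any(addr in n for n in RFC1918):
            return ("block", "block private networks")
        # 3. User pass rules, first match wins.
        if any(addr in n for n in self.pass_rules):
            return ("pass", "user rule")
        # 4. Nothing matched: the unseen default rule drops the packet.
        return ("block", "default deny")


if __name__ == "__main__":
    device, wan_ip = "192.168.1.50", "192.168.1.2"  # constructed addresses
    for checked in (True, False):
        for rules in ((), ("192.168.1.0/24",)):
            fw = WanFilter(checked, rules)
            print(checked, rules, fw.wan_inbound(device, wan_ip))
```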