DMZ to Internet



  • I am building a fairly complex pfSense for my office network. I have the pfSense in a lab right now for design and testing. I want some of the DMZs to access only the WAN interfaces for outbound traffic. My question is that when I try to add a rule to the DMZ interface to "allow any" outbound from that DMZ, it also allows access to the LAN. Is there a simpler way to allow the DMZ access to the internet but deny access to the LAN without having to add rules to deny every subnet in the LAN?



  • Allow access to "destination: !LAN" (not LAN)

    If you have multiple LANs you could create an Alias which contains all your LANs and set the destination as !yourAlias (not yourAlias)


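The inverted-alias rule from the answer above, modelled as an added example (not part of the original thread and not pfSense code): a "pass to !alias" rule permits every destination the alias does not list, so the check below reports which internal subnets an alias leaves reachable from the DMZ. All subnets, names and the RFC 1918 alias are constructed lab values and assumptions.

```python
import ipaddress

# Constructed lab addressing (assumption, not taken from the thread).
INTERNAL_NETS = {
    "LAN": ipaddress.ip_network("10.0.10.0/24"),
    "VOICE": ipaddress.ip_network("10.0.20.0/24"),
    "MGMT": ipaddress.ip_network("10.0.99.0/24"),
    "DMZ2": ipaddress.ip_network("192.168.60.0/24"),
}

def make_alias(*cidrs):
    """Build an alias as a list of networks, like a pfSense network alias."""
    return [ipaddress.ip_network(c) for c in cidrs]

def dmz_rule_allows(dst, alias):
    """Model one DMZ rule: pass, destination NOT alias; anything else
    falls through to the default deny."""
    addr = ipaddress.ip_address(dst)
    return not any(addr in net for net in alias)

def uncovered_internal(alias, internal=INTERNAL_NETS):
    """Names of internal networks not contained in any single alias entry.
    These stay reachable from the DMZ under the inverted rule.
    Conservative: a network covered only by several smaller entries
    combined is still reported."""
    return sorted(
        name for name, net in internal.items()
        if not any(net.subnet_of(entry) for entry in alias)
    )

# Alias listing only some of the internal networks.
PARTIAL_ALIAS = make_alias("10.0.10.0/24", "10.0.20.0/24")
# Broader alias of the private ranges (an assumption, not from the thread).
# It also contains the DMZ's own subnet in this lab, so services the DMZ
# needs from the firewall's DMZ address need their own pass rule above it.
RFC1918_ALIAS = make_alias("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

if __name__ == "__main__":
    for label, alias in (("partial", PARTIAL_ALIAS), ("rfc1918", RFC1918_ALIAS)):
        print(label, "alias leaves reachable:", uncovered_internal(alias))
    # 203.0.113.10 is a documentation address standing in for the internet.
    for dst in ("10.0.10.5", "10.0.99.1", "203.0.113.10"):
        print(dst, "allowed" if dmz_rule_allows(dst, PARTIAL_ALIAS) else "blocked")
```

Any subnet reported by `uncovered_internal` needs to be added to the alias or blocked by a separate rule above the pass rule.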