I've got a lab environment here for some testing of software which should only run on this "lab environment" network.
To that end, the "lab environment" has a pfsense firewall sitting on the periphery of the network, acting as the "gateway".
I need to set pfSense to prohibit all internal LAN addresses from connecting outbound to the Internet, with the exception of a single system which has an IP addressed to it statically.
I have tried blocking FROM LAN Address -> (any) with no luck, as the system has still been able to reach out to the internet with that rule. Creating a "Pass" rule is easy enough for this, I think, FROM 172.16.1.1 TO (any).
Can someone help me out with these firewall rules? Kinda new to pfSense, as I come from an iptables-at-the-network-edge environment, so any help would be appreciated.
Best Answer
You don't block "LAN Address", you need to block "LAN Subnet".
Do the following:
PASS, 172.16.1.1 -> ANY
DENY, LAN subnet -> ANY
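To see why the answer's two rules work and the original attempt did not, the following is an added Python simulation of pfSense's first-match rule evaluation (it is not pfSense code and is not part of the question or answer). It assumes a LAN of 172.16.1.0/24, a pfSense LAN interface address of 172.16.1.254 (the "LAN Address" alias), the default "allow LAN to any" rule that pfSense ships with, and an implicit block for traffic no rule matches; only 172.16.1.1 comes from the page, the rest are constructed values.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (assumptions, not from the original post):
LAN_SUBNET = ipaddress.ip_network("172.16.1.0/24")       # pfSense "LAN Subnet" alias
LAN_ADDRESS = ipaddress.ip_address("172.16.1.254")       # pfSense "LAN Address" alias (the interface IP)
ALLOWED_HOST = ipaddress.ip_address("172.16.1.1")        # the one host that may reach the Internet


@dataclass
class Rule:
    action: str   # "pass" or "block"
    src: object   # an ip_address, an ip_network, or the string "any"

    def matches(self, src_ip):
        """True if the packet's source address falls under this rule's source."""
        if self.src == "any":
            return True
        if isinstance(self.src, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
            return src_ip in self.src
        return src_ip == self.src


def evaluate(rules, src_ip, default="block"):
    """First-match evaluation: the first rule whose source matches decides.
    Traffic matched by no rule falls through to the implicit default (assumed block)."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule.matches(ip):
            return rule.action
    return default


def question_ruleset():
    """The original attempt: block 'LAN Address', with the stock allow-LAN rule still below it."""
    return [
        Rule("block", LAN_ADDRESS),   # only matches 172.16.1.254, i.e. the firewall itself
        Rule("pass", LAN_SUBNET),     # assumed default 'allow LAN to any' rule
    ]


def answer_ruleset():
    """The accepted answer: pass the one host, then deny the whole LAN subnet."""
    return [
        Rule("pass", ALLOWED_HOST),
        Rule("block", LAN_SUBNET),
    ]


def reversed_ruleset():
    """Same two rules in the wrong order: the subnet block shadows the host pass."""
    return [
        Rule("block", LAN_SUBNET),
        Rule("pass", ALLOWED_HOST),
    ]


def verdicts(rules):
    """Evaluate the allowed host and an ordinary LAN client against a ruleset."""
    return {
        "172.16.1.1": evaluate(rules, "172.16.1.1"),
        "172.16.1.50": evaluate(rules, "172.16.1.50"),   # constructed ordinary LAN client
    }


if __name__ == "__main__":
    for name, rules in (("question", question_ruleset()),
                        ("answer", answer_ruleset()),
                        ("reversed", reversed_ruleset())):
        print(name, verdicts(rules))
```

The simulation shows the two points the answer relies on: "LAN Address" names only the firewall's own interface IP, so a block on it never touches a LAN client (both hosts still pass under the original attempt), and rule order matters because pfSense stops at the first match, so the host-specific pass must sit above the subnet-wide deny.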