Firewall – pfsense: Prohibit all outbound connectivity from inside going out, except for one system’s traffic

Tags: firewall, pfsense

I've got a lab environment here for some testing of software which should only run on this "lab environment" network.

To that end, the "lab environment" has a pfsense firewall sitting on the periphery of the network, acting as the "gateway".

I need to set pfSense to prohibit all internal LAN addresses from connecting outbound to the Internet, with the exception of a single system which has an IP addressed to it statically.

I have tried blocking FROM LAN Address -> (any) with no luck, as the system has still been able to reach out to the internet with that rule. Creating a "Pass" rule is easy enough for this, I think, FROM 172.16.1.1 TO (any).

Can someone help me out with these firewall rules? Kinda new to pfSense, as I come from an iptables-at-the-network-edge environment, so any help would be appreciated.

Best Answer

You don't block "LAN Address", you need to block "LAN Subnet".

Do the following:

  • Add a rule as the first rule: PASS, 172.16.1.1 -> ANY
  • Add a rule as the second rule: DENY, LAN subnet -> ANY
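As an added illustration (not part of the question or the accepted answer), the small simulator below models how pfSense evaluates LAN-interface rules: top-down, first match wins, with the stock "Default allow LAN to any" rule still present underneath whatever you add. It shows why blocking "LAN Address" (which only matches the firewall's own interface IP) left every host able to reach out, why the accepted answer's two rules work, and why their order matters. The LAN subnet 172.16.1.0/24, the firewall LAN IP 172.16.1.254, the second host 172.16.1.50 and the destination 203.0.113.10 are constructed values; the post only gives 172.16.1.1.

```python
import ipaddress

# Constructed lab values (assumptions; the post names only 172.16.1.1):
LAN_SUBNET = ipaddress.ip_network("172.16.1.0/24")   # assumed size of the lab LAN
LAN_ADDRESS = ipaddress.ip_address("172.16.1.254")   # assumed pfSense LAN interface IP
ALLOWED_HOST = ipaddress.ip_address("172.16.1.1")    # the one host that may go out
OTHER_HOST = "172.16.1.50"                           # any other lab machine
INTERNET = "203.0.113.10"                            # documentation-range stand-in for "the Internet"


def rule(action, src, dst="any"):
    """One LAN-interface rule. src/dst: 'any', an ip_network, or a single ip_address."""
    return {"action": action, "src": src, "dst": dst}


def _field_matches(field, ip):
    if field == "any":
        return True
    if isinstance(field, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
        return ip in field          # "LAN subnet" style match
    return ip == field              # "LAN Address" / single-host style match


def evaluate(rules, src, dst):
    """Top-down, first-match evaluation, as pfSense does for interface rules.
    Traffic that matches no rule falls through to the implicit default deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if _field_matches(r["src"], src_ip) and _field_matches(r["dst"], dst_ip):
            return r["action"]
    return "block"


# pfSense ships a "Default allow LAN to any" rule; the asker still has it in place.
DEFAULT_ALLOW = rule("pass", LAN_SUBNET)


def _outcomes(rules):
    return {h: evaluate(rules, h, INTERNET) for h in (str(ALLOWED_HOST), OTHER_HOST)}


def asker_attempt():
    """'Block LAN Address -> any' only matches the firewall's own IP, so every
    host still hits the default allow rule and reaches the Internet."""
    return _outcomes([rule("block", LAN_ADDRESS), DEFAULT_ALLOW])


def accepted_answer():
    """PASS 172.16.1.1 -> any first, then DENY LAN subnet -> any."""
    return _outcomes([rule("pass", ALLOWED_HOST), rule("block", LAN_SUBNET), DEFAULT_ALLOW])


def reversed_order():
    """Same two rules swapped: the subnet block now matches 172.16.1.1 first,
    so the exception never fires."""
    return _outcomes([rule("block", LAN_SUBNET), rule("pass", ALLOWED_HOST), DEFAULT_ALLOW])


if __name__ == "__main__":
    for name, fn in (("asker's attempt", asker_attempt),
                     ("accepted answer", accepted_answer),
                     ("rules reversed", reversed_order)):
        print(f"{name:16s} {fn()}")
```

Running the script prints the per-host verdict for each ruleset; the practical checks it encodes are that the pass rule for the exempt host must sit above the subnet-wide block, and that the block must use the subnet alias rather than the interface address. Check the pfSense firewall log after applying the rules to confirm the block entries come from your new rule rather than the default deny.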