[pfSense] Block Rule doesn't work
Moshe Katz
moshe at ymkatz.net
Wed Jan 25 13:48:12 EST 2012
2012/1/25 Jürgen Echter <j.echter at echter-kuechen-elektro.de>
> On 25.01.2012 16:26, Moshe Katz wrote:
>
> Try using "Source: * (any)" instead of "Source: WLAN Net". It will only
> apply to WLAN traffic anyway because of which interface it applies to.
>
> It would be helpful for you to send the screenshot again WITH the
> left-most column - the icons OUTSIDE the table. Make sure your rules are
> actually "block" rules (red icons) and that they are enabled.
>
> I'm sorry if this sounds like a stupid question but did you make sure
> your IP address is not the one that is allowed through in the first rules?
>
> Moshe
>
> ------------------------------
> Moshe Katz
> -- moshe at ymkatz.net
> -- +1(301)867-3732
>
>
>
> 2012/1/25 Jürgen Echter <j.echter at echter-kuechen-elektro.de>
>
>> On 24.01.2012 12:58, Matthias May wrote:
>>
>> Jürgen Echter wrote:
>>>
>>>> Hi,
>>>>
>>>> Maybe I'm doing something wrong.
>>>>
>>>> I have 3 interfaces, one for WAN, one for LAN and one for WLAN.
>>>>
>>>> I don't want WLAN users to have access to my LAN.
>>>>
>>>> So I tell the firewall rule on the LAN interface to block everything
>>>> from the WLAN subnet, but I'm still able to receive different webpages
>>>> hosted on the LAN.
>>>>
>>>> Also I tried to tell the WLAN interface to block everything that has my
>>>> LAN as destination, same effect.
>>>>
>>>> What's wrong?
>>>>
>>>> greets
>>>>
>>>> juergen
>>>> _______________________________________________
>>>> List mailing list
>>>> List at lists.pfsense.org
>>>> http://lists.pfsense.org/mailman/listinfo/list
>>>>
>>>>
>>> Firewall rules go to the interface on which traffic is received.
>>> So if you want to block traffic from the WLAN interface to the LAN
>>> interface, then the rule has to go to the WLAN interface.
>>> Rules are processed from top to bottom, and if a rule catches, the rest
>>> below is no longer considered.
>>> Meaning if you have an allow rule above your block rule, the allow rule
>>> will always catch.
>>> Put your block rules all the way to the top.
>>>
>>> If that doesn't help, send a screenshot of your rules. (Overview, not
>>> the configuration of the rule itself).
>>>
>>> Greetings
>>> Matthias May
>>>
>>
>> OK, here's a screenshot of my rules.
>>
>> I want to block / reject access from WLAN to LAN.
>>
>> If I try from a box in the WLAN to access a webpage from LAN it just
>> works. That's what I don't want :)
>>
>> greets.
>>
>>
>>
>
>
> Hi,
>
> Yes, I'm sure it's not the one I added there. The IP I added is reserved
> for my little eeePC.
>
> IMHO if I have WLAN subnet as source it should be blocked, because I'm
> coming from WLAN subnet.
>
> greets
>
> juergen
>
>
>
I checked my home pfSense which blocks port 80 and 443 traffic on my open
network (to force people through my proxy server). It had to have Source
set to * in order to catch everything. Try it and see if it helps you,
even if it doesn't sound like it will.
See attached screenshot.
Moshe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pfSense local rules.png
Type: image/png
Size: 44479 bytes
Desc: not available
URL: <http://lists.pfsense.org/pipermail/list/attachments/20120125/dc1e05ea/attachment-0001.png>
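
Added example, not part of the original thread and not pfSense code: a small Python model of the evaluation order Matthias describes (rules are checked only on the interface where the packet arrives, top to bottom, first match wins). The subnets, addresses and rule lists are constructed for illustration, and the default-deny fallback when nothing matches is an assumption of the model.

```python
import ipaddress
from dataclasses import dataclass

WLAN_NET = "192.168.2.0/24"   # constructed subnets, not from the thread
LAN_NET = "192.168.1.0/24"

@dataclass
class Rule:
    action: str  # "pass" or "block"
    src: str     # CIDR or "any"
    dst: str     # CIDR or "any"

def _matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(rulesets, in_iface, src, dst):
    """Return (action, rule_index) for a new connection.

    Only the rule list of the ingress interface is consulted, and the
    first matching rule decides; later rules are never looked at.
    """
    for idx, rule in enumerate(rulesets.get(in_iface, [])):
        if _matches(rule.src, src) and _matches(rule.dst, dst):
            return rule.action, idx
    return "block", None  # assumption: nothing matched, so default deny

# Block rule placed on the LAN tab: WLAN traffic never reaches that list.
MISPLACED = {
    "lan":  [Rule("block", WLAN_NET, "any"), Rule("pass", LAN_NET, "any")],
    "wlan": [Rule("pass", WLAN_NET, "any")],
}
# Block rule on the WLAN tab, but below a broader pass rule.
WRONG_ORDER = {
    "wlan": [Rule("pass", WLAN_NET, "any"), Rule("block", "any", LAN_NET)],
}
# Block rule on the WLAN tab, at the top, with source "any".
FIXED = {
    "wlan": [Rule("block", "any", LAN_NET), Rule("pass", WLAN_NET, "any")],
}

if __name__ == "__main__":
    client, lan_web, internet = "192.168.2.50", "192.168.1.10", "203.0.113.5"
    for name, rs in [("misplaced", MISPLACED), ("wrong order", WRONG_ORDER), ("fixed", FIXED)]:
        print(name, "WLAN->LAN:", evaluate(rs, "wlan", client, lan_web),
              "WLAN->Internet:", evaluate(rs, "wlan", client, internet))
```

In the first two rule sets the WLAN client still reaches the LAN web server because the pass rule at index 0 on the WLAN list matches first; only the third layout blocks it while leaving Internet access intact.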