(Solved) (pfSense) Why does this rule not work as I want it to?

I want to block all DNS traffic for all clients on the APPort, directly to any WAN address (and only allow them to use the internal DNS server).

What am I doing wrong? .-.

Thanks!


https://www.netgate.com/docs/pfsense/dns/blocking-dns-queries-to-external-resolvers.html

I thought what takes priority is on top?

Edit: also, does my “source port” matter, or should it be everything?

Yeah, it goes top to bottom: the first rule allows DNS traffic only to the LAN network, the second blocks any other DNS traffic.

Alright, I’ll try that tomorrow morning!

What @mutation666 says is correct. The reason your rules don’t work is that the destination is WAN network. WAN network does not mean Internet; it means the network that your WAN IP is on, which is usually a /31 network anyway. So for traffic with a destination of ‘the internet’ you have to use either any, or everything but your local networks (using aliases and the not check box).

Source should be any unless you want to have a rule for a specific source address. Using the interface network as source does the same thing as any, because only things with an IP on that network can be on that interface.

Source port is usually always any; you wouldn’t use something else unless you knew you had to.

4 Likes
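To make the two points in the reply above concrete (rules are matched top to bottom, and “WAN net” is only the link subnet rather than the Internet), here is a small first-match rule evaluator written for this thread; it is an added illustration, not pfSense code. All addresses are constructed: the APPort/SWITCHPORT interface is assumed to be 192.168.50.0/24, the internal resolver 192.168.1.53 on a 192.168.1.0/24 LAN, and the WAN link 203.0.113.0/31. It also assumes the original rule set had a general allow rule below the DNS block, since otherwise nothing would have reached the Internet at all.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional, Tuple

# Constructed addresses for the example; none of these come from the thread.
APPORT_NET = ip_network("192.168.50.0/24")  # the asker's APPort / SWITCHPORT interface
LAN_NET = ip_network("192.168.1.0/24")      # network holding the internal DNS server
WAN_NET = ip_network("203.0.113.0/31")      # pfSense "WAN net": just the WAN link subnet
INTERNAL_DNS = ip_address("192.168.1.53")   # hypothetical internal resolver
ANY = ip_network("0.0.0.0/0")
LOCAL_NETS = (APPORT_NET, LAN_NET)          # what a "local networks" alias would contain


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "pass" or "block"
    src: Tuple[IPv4Network, ...]
    dst: Tuple[IPv4Network, ...]     # one network, or several for an alias
    dport: Optional[int] = None      # None means any destination port
    invert_dst: bool = False         # the "not" checkbox next to Destination


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when source, (possibly inverted) destination and port all match."""
    if not any(pkt.src in net for net in rule.src):
        return False
    dst_hit = any(pkt.dst in net for net in rule.dst)
    if rule.invert_dst:
        dst_hit = not dst_hit
    if not dst_hit:
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(rules, pkt: Packet):
    """First matching rule wins, top to bottom; pfSense denies what no rule passes."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "block", "default deny"


# What the asker had (assumed): block DNS to "WAN net", then allow everything else.
BROKEN = [
    Rule("block DNS to WAN net", "block", (APPORT_NET,), (WAN_NET,), 53),
    Rule("allow everything else", "pass", (APPORT_NET,), (ANY,)),
]

# What the replies recommend: pass DNS to the internal server, then block DNS to any.
FIXED = [
    Rule("pass DNS to LAN net", "pass", (APPORT_NET,), (LAN_NET,), 53),
    Rule("block DNS anywhere else", "block", (APPORT_NET,), (ANY,), 53),
    Rule("allow everything else", "pass", (APPORT_NET,), (ANY,)),
]

# The alias variant: block DNS to everything that is *not* a local network.
ALIAS_FIXED = [
    Rule("block DNS except local nets", "block", (APPORT_NET,), LOCAL_NETS, 53, invert_dst=True),
    Rule("allow everything else", "pass", (APPORT_NET,), (ANY,)),
]

CLIENT = ip_address("192.168.50.20")  # constructed client on the APPort
SAMPLE = {
    "dns_to_public": Packet(CLIENT, ip_address("8.8.8.8"), 53),
    "dns_to_internal": Packet(CLIENT, INTERNAL_DNS, 53),
    "https_to_public": Packet(CLIENT, ip_address("198.51.100.10"), 443),
}


def decisions(rules):
    """Map each sample flow to the action the rule set takes on it."""
    return {label: evaluate(rules, pkt)[0] for label, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED), ("alias", ALIAS_FIXED)):
        print(label, decisions(rules))
```

Running it shows the failure mode from the original post: with the broken set, a query to 8.8.8.8 never touches the /31 WAN subnet, so the block rule never matches and the general allow lets it out; with either fixed set, only the internal resolver is reachable on port 53 while other traffic is unaffected.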

So this is what I did. With “SWITCHPORT Address,” it doesn’t work (it doesn’t allow me to specify a single address, which I think is what I’m supposed to do); however, with “SWITCHPORT net,” it just works. I would have thought that “Address” would allow me to specify an IP, but idk, guess not. Still learning about pfSense rules ¯\_(ツ)_/¯

Solved? lol

“Something address” means the IP address of pfSense on that interface; if you want to specify an address, the option you want is ‘single host or alias’.

1 Like