Block access to LAN from any other network

Hello everyone,

Can anyone explain why this rule is not blocking?
I even disabled the anti-lockout rule to remove source (any) for 80 and 443.

This is LAN16 (192.168.16.0/24), and my goal is to allow access only from the physical LAN port.
I have added a rule to block everything that is not from LAN16.

I can still access the pfSense and LAN16 through a VPN tunnel network, 172.16.92.0/24.
Any comments appreciated.

Perhaps it's UDP traffic; that will pass your first rule.

At least for me I find it easier to decide what to allow into a network then block everything on the last rule. You have the opposite approach.

Pretty sure pfSense blocks everything by default, so you ought to be able to achieve what you want with no rules.

Yes, but this is not the WAN interface; it is a VPN tunnel interface on the same firewall.
That's why I have it on top, but it is not working.

If your VPN connection is allowed in on the WAN and is UDP, it will pass your first rule on your LAN interface.

Your top rule is set for blocking TCP only. I have a video here explaining how the rules work and how to troubleshoot them.
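To show why a protocol-restricted block rule lets the VPN traffic through, here is a small first-match rule evaluator added to this thread (it is not pfSense code or anything posted above). The rulesets and packets are constructed to mirror the thread: a top block rule with "invert match" on 192.168.16.0/24 limited to TCP, then the same rule widened to any protocol, tested against TCP and UDP packets from the 172.16.92.0/24 tunnel network.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Rule(NamedTuple):
    action: str  # "block" or "pass"
    proto: str   # "tcp", "udp" or "any"
    src: str     # CIDR; leading "!" = pfSense "invert match" (not from this network)
    dst: str     # CIDR

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str

def _src_matches(rule_src, addr):
    negate = rule_src.startswith("!")
    hit = ip_address(addr) in ip_network(rule_src.lstrip("!"))
    return not hit if negate else hit

def evaluate(rules, pkt, default="block"):
    """First match wins, as in pfSense; anything no rule matches hits the implicit default block."""
    for rule in rules:
        if rule.proto not in ("any", pkt.proto):
            continue  # a TCP-only rule never even looks at a UDP packet
        if not _src_matches(rule.src, pkt.src):
            continue
        if ip_address(pkt.dst) not in ip_network(rule.dst):
            continue
        return rule.action
    return default

LAN16 = "192.168.16.0/24"
ANY = "0.0.0.0/0"
# Constructed to mirror the thread: a top block rule limited to TCP, followed by a pass rule.
RULES_AS_POSTED = [Rule("block", "tcp", "!" + LAN16, ANY), Rule("pass", "any", ANY, ANY)]
# Same ruleset with the block rule's protocol widened to any.
RULES_FIXED = [Rule("block", "any", "!" + LAN16, ANY), Rule("pass", "any", ANY, ANY)]

# Constructed sample packets: from the VPN tunnel network and from LAN16 itself.
VPN_TCP = Packet("tcp", "172.16.92.10", "192.168.16.1")
VPN_UDP = Packet("udp", "172.16.92.10", "192.168.16.1")
LAN_TCP = Packet("tcp", "192.168.16.50", "192.168.16.1")

if __name__ == "__main__":
    for name, rules in (("as posted", RULES_AS_POSTED), ("fixed", RULES_FIXED)):
        for pkt in (VPN_TCP, VPN_UDP, LAN_TCP):
            print(name, pkt.proto, pkt.src, "->", evaluate(rules, pkt))
```

With the posted ruleset the UDP packet from the tunnel skips the TCP-only block rule and is passed; with the protocol set to any, both tunnel packets are blocked while LAN16 traffic still passes.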