Currently my config is pretty close to the defaults.
I have three interfaces
- MGMT 10.254.1.1
- INT 10.254.2.1
I want to block all traffic from INT to MGMT without restricting internet access and have the following firewall rules
The logs show that traffic from from the INT network is passed because it matches the auto generated " let out anything from firewall host itself" Why is this matching? Am I supposed to have an outbound NAT rule?
I mainly use pfSense and i have no experience at all with OPNsense but i assume the way the rules work are more or less the same.
It appears that you are making the block traffic from INT to MGMT rule under the rules for the MGMT network. I wouldn’t think that it would have any effect but i usually make the rules under the source interface.
Example: I don’t want IOT to access LAN net so under the IOT tab for fire wall rules i block its access to LAN net.
i wouldn’t think it should have any effect but its with a try.