Help with firewall rule

Hi,

We are trying to offer free wifi to our client visiting the restaurant but we don’t want them to have access to our work LAN or access to the firewall GUI.

To achieve this, we created the following rule:

When I then login to my guest wifi, I am still able to access the web GUI.
Could anyone please advise on were I gone wrong?

Thank you

I order my rules with allow first then followed by reject.

However, doesn’t sound sensible to “share” your LAN with the public, I’d set up a separate vlan for guests, then you have total control over that vlan instead of finding out that later you made an error and exposed your network.

1 Like

You should also have a separate WiFi SSID for guests.

It would help to know what equipment we are talking about.

Example of our rules , change it to suit your requirements

Rule 1 - blocks gui access as each network has gui access (PFSenseManagementPorts is a alises with http , https and ssh ports)

Rule 2 - allows dns queries on the pfsense server, as clients are using the PFServer as the dns server

Rule 3 - blocks all rfc1918 networks - RFC1918 is an alias

Rule 4 allows internet access

@Paul thank you very much for sharing your rules. I copied them and my issue is now resolved :grin: