We are trying to offer free wifi to our client visiting the restaurant but we don’t want them to have access to our work LAN or access to the firewall GUI.
To achieve this, we created the following rule:
When I then login to my guest wifi, I am still able to access the web GUI.
Could anyone please advise on were I gone wrong?
I order my rules with allow first then followed by reject.
However, doesn’t sound sensible to “share” your LAN with the public, I’d set up a separate vlan for guests, then you have total control over that vlan instead of finding out that later you made an error and exposed your network.
You should also have a separate WiFi SSID for guests.
It would help to know what equipment we are talking about.
Example of our rules , change it to suit your requirements
Rule 1 - blocks gui access as each network has gui access (PFSenseManagementPorts is a alises with http , https and ssh ports)
Rule 2 - allows dns queries on the pfsense server, as clients are using the PFServer as the dns server
Rule 3 - blocks all rfc1918 networks - RFC1918 is an alias
Rule 4 allows internet access
@Paul thank you very much for sharing your rules. I copied them and my issue is now resolved