Firewall rules - block client on LAN from reaching WAN

bittwiddler
Full Member

Posts: 39

Firewall rules - block client on LAN from reaching WAN Feb 15, 2018 3:50:28 GMT

Quote

Post by bittwiddler on Feb 15, 2018 3:50:28 GMT

Hello SmallWall gurus,

I have a computer which I would like to allow full use of the LAN network but block access to the WAN. I have not been able to figure this out. I understand I cannot block by MAC address which should be OK. I am able to assign a static IP to the client so a DHCP renew won't get around the rule. Can anyone provide some guidance?

Many thanks!

--
bT

Software developer, IoT security architect, maker of smoke

Lee Sharp
Administrator

Posts: 522

Firewall rules - block client on LAN from reaching WAN Feb 15, 2018 4:38:40 GMT

Quote

Post by Lee Sharp on Feb 15, 2018 4:38:40 GMT

You will always have full access to the LAN because that traffic does not cross SmallWall at all. To block it to WAN, use a static IP or statically assign one with DHCP, then create a block all rule for that IP. Note that it must be first in the list, or the default pass rule will pass it before it gets there.

bittwiddler Full Member Posts: 39	Firewall rules - block client on LAN from reaching WAN Feb 15, 2018 5:22:24 GMT Quote Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by bittwiddler on Feb 15, 2018 5:22:24 GMT Thank you Lee. I understand the caveat with LAN. I tried blocking it to WAN but must have gotten too clever by half at some point. I will have another go at it and see what happens.
	-- bT Software developer, IoT security architect, maker of smoke

Lee Sharp Administrator Posts: 522	Firewall rules - block client on LAN from reaching WAN Feb 15, 2018 5:47:28 GMT Quote Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by Lee Sharp on Feb 15, 2018 5:47:28 GMT You need to be on the LAN interface. Rules are based on source... You will make one that looks like the default rule, but the source is the IP address, and it is a block not a pass.

Firewall rules - block client on LAN from reaching WAN

Post by bittwiddler on Feb 15, 2018 3:50:28 GMT

Post by Lee Sharp on Feb 15, 2018 4:38:40 GMT

Post by bittwiddler on Feb 15, 2018 5:22:24 GMT

Post by Lee Sharp on Feb 15, 2018 5:47:28 GMT

Quick Reply