
I have computers on my network that I want to allow access to LAN resources - I created an alias with their IP addresses (LAN_WHITELIST). For the other devices I would like to do Internet access only.

So I have also created an alias for private networks: 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 - INTERNAL_NET.

My rules look as follows: (screenshot: rules)

That is, I pass LAN_WHITELIST to INTERNAL_NET. I block not LAN_WHITELIST to INTERNAL_NET. The rest of the rules are default.

Right now:

  • the computers with LAN_WHITELIST have access to the Internet and to the LAN servers. This is OK.
  • the computers outside of LAN_WHITELIST do not have access to the Internet, but they do have access to the LAN servers. This is WRONG.

How do I correct the rules to make this work as I need it to?

EDIT: Just understood that I need to give access to the pfSense for non-LAN_WHITELIST hosts, because they receive its address as DNS (192.168.0.1). So now it looks like !LAN_WHITELIST have Internet access. (screenshot: rules2)

EDIT2: Could it be that the traffic doesn't go via the router, so I can't block it with firewall rules? All hosts and servers are in the same local network.

bLAZ
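
The situation raised in EDIT2, modelled as an added example that is not part of the original post: traffic between two hosts in the same subnet is delivered directly at layer 2 and never enters the pfSense LAN interface, so only traffic leaving the subnet is matched against the rules. The /24 LAN prefix, the whitelist and host addresses, and the exact rule order are assumptions, since the rule screenshots are not in the text.

```python
import ipaddress

# Assumptions (constructed for this example, not from the post): the LAN is
# 192.168.0.0/24 and the whitelist holds these two addresses.
LAN = ipaddress.ip_network("192.168.0.0/24")
LAN_WHITELIST = {ipaddress.ip_address(a) for a in ("192.168.0.10", "192.168.0.11")}
# INTERNAL_NET and the pfSense address are the values given in the post.
INTERNAL_NET = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PFSENSE = ipaddress.ip_address("192.168.0.1")


def internal(ip):
    return any(ip in net for net in INTERNAL_NET)


def whitelisted(ip):
    return ip in LAN_WHITELIST


# LAN-interface rules in assumed order; the first matching rule wins.
RULES = [
    ("pass", "any to pfSense (DNS)", lambda s, d: d == PFSENSE),
    ("pass", "LAN_WHITELIST to INTERNAL_NET", lambda s, d: whitelisted(s) and internal(d)),
    ("block", "!LAN_WHITELIST to INTERNAL_NET", lambda s, d: not whitelisted(s) and internal(d)),
    ("pass", "default allow LAN to any", lambda s, d: True),
]


def evaluate(src, dst):
    """Return (verdict, reason) for a packet sent by a LAN host."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # A host resolves a same-subnet destination with ARP and sends the frame
    # straight to it, so the firewall never sees the packet.
    if d in LAN and d != PFSENSE:
        return ("not filtered", "same subnet, bypasses the firewall")
    for action, name, match in RULES:
        if match(s, d):
            return (action, name)
    return ("block", "implicit default deny")


if __name__ == "__main__":
    for src, dst in [("192.168.0.50", "192.168.0.20"), ("192.168.0.50", "10.1.2.3"),
                     ("192.168.0.10", "10.1.2.3"), ("192.168.0.50", "8.8.8.8")]:
        print(src, "->", dst, evaluate(src, dst))
```

Filtering between hosts in one subnet therefore needs the servers on a separate interface or VLAN routed by the firewall, or filtering on the hosts or switch themselves.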

0 Answers