Hi,
I tried to add the "block DNS queries to external resolvers" as
described here
(https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers)
to my LAN config and noticed that traffic would not go anywhere on the
LAN until I disabled the two rules below on port 53. With rules 1, 4, 5
below, all works well. When I switch on 2 and 3 too, the browser stops
working and all traffic on LAN goes nowhere. Why would this be?
Thanks
#  States         Protocol         Source   Port  Destination  Port      Gateway  Queue  Schedule  Description
1  1 / 3.61 MiB   *                *        *     LAN Address  443, 80   *        *                Anti-Lockout Rule
2  0 / 0 B        IPv4+6 TCP/UDP   *        *     LAN address  53 (DNS)  *        none             Allow DNS to pfSense/DNSMASQ/OpenDNS
3  0 / 21 KiB     IPv4+6 TCP/UDP   *        *     *            53 (DNS)  *        none             Block DNS to everything else
4  1 / 44.34 MiB  IPv4 *           LAN net  *     *            *         *        none             Default allow LAN to any rule
5  0 / 0 B        IPv6 *           LAN net  *     *            *         *        none             Default allow LAN IPv6 to any rule
--
Respect your privacy and that of others, don't give your data to big
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging
or Diaspora* (https://joindiaspora.com/) for your social networking.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
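An added example, not part of the original post and not pfSense's own code: a small first-match evaluator that walks the five LAN rules quoted above in order, the way pfSense evaluates interface rules (top to bottom, first match wins, and anything matching no rule is dropped by the implicit default deny). The pass/block actions are taken from the rule descriptions, since the action column is not in the quoted table; the LAN address 192.168.2.1 comes from the URLs in the post, and the LAN network being 192.168.2.0/24, along with every client and resolver address used, is a constructed assumption.

```python
"""First-match evaluation of the five LAN rules quoted in the thread.

Constructed example: rule table transcribed from the post; actions taken
from the rule descriptions; LAN network 192.168.2.0/24 is assumed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN_ADDRESS = ipaddress.ip_address("192.168.2.1")  # pfSense LAN IP seen in the post's URLs
LAN_NET = ipaddress.ip_network("192.168.2.0/24")    # assumption: the LAN is a /24


@dataclass(frozen=True)
class Flow:
    proto: str    # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    num: int
    action: str                   # "pass" or "block"
    desc: str
    families: frozenset           # IP versions the rule applies to
    protos: Optional[frozenset]   # None means any protocol
    src: str                      # "any" or "lan_net"
    dst: str                      # "any" or "lan_address"
    dports: Optional[frozenset]   # None means any destination port


ANY_FAMILY = frozenset({4, 6})
TCP_UDP = frozenset({"tcp", "udp"})

# The LAN rule set as listed in the post, in evaluation order.
RULES = [
    Rule(1, "pass", "Anti-Lockout Rule", ANY_FAMILY, None, "any", "lan_address", frozenset({443, 80})),
    Rule(2, "pass", "Allow DNS to pfSense/DNSMASQ/OpenDNS", ANY_FAMILY, TCP_UDP, "any", "lan_address", frozenset({53})),
    Rule(3, "block", "Block DNS to everything else", ANY_FAMILY, TCP_UDP, "any", "any", frozenset({53})),
    Rule(4, "pass", "Default allow LAN to any rule", frozenset({4}), None, "lan_net", "any", None),
    Rule(5, "pass", "Default allow LAN IPv6 to any rule", frozenset({6}), None, "lan_net", "any", None),
]


def _matches(rule: Rule, flow: Flow) -> bool:
    """True when every field of the rule accepts the flow."""
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    if src.version not in rule.families or dst.version not in rule.families:
        return False
    if rule.protos is not None and flow.proto not in rule.protos:
        return False
    if rule.src == "lan_net" and src not in LAN_NET:
        return False
    if rule.dst == "lan_address" and dst != LAN_ADDRESS:
        return False
    if rule.dports is not None and flow.dport not in rule.dports:
        return False
    return True


def evaluate(flow: Flow, disabled=()):
    """Return (action, rule number) of the first enabled matching rule.

    Rules whose number is in `disabled` are skipped, mirroring the toggle
    the poster used. No match means the implicit default deny applies.
    """
    for rule in RULES:
        if rule.num in disabled:
            continue
        if _matches(rule, flow):
            return rule.action, rule.num
    return "block", None


if __name__ == "__main__":
    # Constructed flows: a LAN client resolving via pfSense, via an external
    # resolver (documentation address), and fetching a web page.
    flows = {
        "DNS to pfSense":        Flow("udp", "192.168.2.10", "192.168.2.1", 53),
        "DNS to external":       Flow("udp", "192.168.2.10", "203.0.113.53", 53),
        "HTTPS to the internet": Flow("tcp", "192.168.2.10", "198.51.100.10", 443),
    }
    for config, disabled in (("rules 2 and 3 enabled", ()), ("rules 2 and 3 disabled", (2, 3))):
        print(config)
        for name, flow in flows.items():
            action, num = evaluate(flow, disabled)
            print(f"  {name:22s} -> {action} (rule {num})")
```

Running it shows the point the ruleset makes visible: with rules 2 and 3 enabled, a LAN client whose resolver is anything other than the pfSense LAN address hits rule 3 and loses name resolution, while its HTTPS traffic still passes on rule 4. A browser that cannot resolve names looks exactly like "all traffic goes nowhere", even though only port 53 is being dropped; the 21 KiB counter on rule 3 is the kind of evidence to check for that.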