
I have a PFsense setup with a WAN, LAN and Management interface.

On the LAN interface, I want to block access to several LAN IPs. These are access points with a web interface.

My rules are below. What am I doing wrong? https://www.dropbox.com/s/nyrr2ot61tna3pj/fw.png?dl=0

Jortiexx

2 Answers


Argh, of course this can't be done using a router, as it doesn't pass traffic on the LAN; devices communicate directly with each other.

Jortiexx

To elaborate, what you've done is create two rules. The rules say that any traffic coming in from any device on the LAN can't have a destination of '5.1 ports 22-443 (or '5.2 any port), otherwise it'll be blocked. The problem is that if it's already on the LAN and its destination is on the LAN as well, it'll never go via your router in the first place, so the rules won't ever be acted on.

It's a bit like having 3 PCs on a LAN and one of them has a firewall rule that if the other 2 send traffic between them it should be blocked - it's useless and can't do anything.

Stilez
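A small check of the point Stilez makes, added here as an example that is not from the question or either answer: it evaluates constructed pfSense-style LAN rules and flags those whose destination sits inside the LAN's own subnet, since that traffic is switched directly between hosts and never reaches the router. The addresses, the `INTERFACES` and `RULES` structures and the function names are assumed for illustration, not taken from the question's screenshot.

```python
import ipaddress

# Constructed example: the LAN interface's subnet and the firewall's own
# address on it. These are not the addresses from the question.
INTERFACES = {
    "LAN": {"subnet": ipaddress.ip_network("192.168.1.0/24"),
            "addr": ipaddress.ip_address("192.168.1.1")},
}

# Constructed pfSense-style block rules bound to the LAN interface.
RULES = [
    {"iface": "LAN", "src": "any", "dst": "192.168.1.51/32", "ports": "22-443"},
    {"iface": "LAN", "src": "any", "dst": "192.168.1.52/32", "ports": "any"},
    {"iface": "LAN", "src": "any", "dst": "192.168.1.1/32",  "ports": "443"},
    {"iface": "LAN", "src": "any", "dst": "10.0.0.0/8",      "ports": "any"},
]


def crosses_router(src_ip, dst_ip, lan):
    """True when a packet from src_ip to dst_ip has to pass through the router.
    Two hosts on the same subnet resolve each other with ARP and exchange
    frames through the switch, so the router's firewall never sees them."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return not (src in lan and dst in lan)


def ineffective_rules(rules, interfaces):
    """Flag rules whose destination lies inside the subnet of the interface the
    rule is bound to: that traffic is switched, not routed, so the rule can
    never match. The exception is traffic to the firewall's own interface
    address, which does reach the firewall and is still subject to the rule."""
    flagged = []
    for rule in rules:
        iface = interfaces[rule["iface"]]
        dst = ipaddress.ip_network(rule["dst"])
        if dst.subnet_of(iface["subnet"]) and iface["addr"] not in dst:
            flagged.append(rule)
    return flagged


if __name__ == "__main__":
    lan = INTERFACES["LAN"]["subnet"]
    print(crosses_router("192.168.1.10", "192.168.1.51", lan))  # False
    for r in ineffective_rules(RULES, INTERFACES):
        print("rule never matches:", r["dst"], "ports", r["ports"])
```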