> On Sep 30, 2017, at 5:38 PM, Antonio <antoniogennar...@gmail.com> wrote:
>
> Hi,
>
> I tried to add the "block DNS queries to external resolvers" as
> described here
> (https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers)
> to my LAN config and noticed that traffic would not go anywhere on the
> LAN until I disabled the two rules below on port 53. With rules 1, 4, 5
> below, all works well. When I switch on 2 and 3 too, browser stops
> working and all traffic on LAN goes nowhere. Why would this be?

Because your clients aren’t configured to use “LAN Address” as their DNS server?

> Thanks
>
> #  States       Protocol        Source   Port  Destination  Port      Gateway  Queue  Schedule  Description
> 1  1/3.61 MiB   *               *        *     LAN Address  443, 80   *        *                Anti-Lockout Rule
> 2  0/0 B        IPv4+6 TCP/UDP  *        *     LAN address  53 (DNS)  *        none             Allow DNS to pfSense/DNSMASQ/OpenDNS
> 3  0/21 KiB     IPv4+6 TCP/UDP  *        *     *            53 (DNS)  *        none             Block DNS to everything else
> 4  1/44.34 MiB  IPv4 *          LAN net  *     *            *         *        none             Default allow LAN to any rule
> 5  0/0 B        IPv6 *          LAN net  *     *            *         *        none             Default allow LAN IPv6 to any rule
>
> --
> Respect your privacy and that of others, don't give your data to big
> corporations.
> Use alternatives like Signal (https://whispersystems.org/) for your messaging
> or Diaspora* (https://joindiaspora.com/) for your social networking.
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
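
Added example (not part of either message and not pfSense code): a first-match, top-down evaluation of rules 1 to 4 from the quoted table, showing which rule decides each kind of flow once rules 2 and 3 are enabled. The LAN address 192.168.2.1 (taken from the web GUI links in the post), the /24 prefix, the client address and the outside addresses are assumptions made for the illustration.

```python
import ipaddress

# Assumptions: 192.168.2.1 (host in the post's web GUI links) is "LAN Address",
# and LAN net is a /24. Rule 5 (IPv6) is left out; this models IPv4 only.
LAN_ADDRESS = ipaddress.ip_address("192.168.2.1")
LAN_NET = ipaddress.ip_network("192.168.2.0/24")

# (number, action, protocols, source net, destination, dest ports); None means "*"
RULES = [
    (1, "pass",  None,           None,    LAN_ADDRESS, {443, 80}),  # Anti-Lockout Rule
    (2, "pass",  {"tcp", "udp"}, None,    LAN_ADDRESS, {53}),       # Allow DNS to pfSense
    (3, "block", {"tcp", "udp"}, None,    None,        {53}),       # Block DNS to everything else
    (4, "pass",  None,           LAN_NET, None,        None),       # Default allow LAN to any
]

def evaluate(src, dst, proto, dport):
    """Return (rule number, action) for the first rule that matches, top down."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, action, protos, r_src, r_dst, ports in RULES:
        if protos is not None and proto not in protos:
            continue
        if r_src is not None and src not in r_src:
            continue
        if r_dst is not None and dst != r_dst:
            continue
        if ports is not None and dport not in ports:
            continue
        return num, action
    return None, "block"  # nothing matched: pfSense's implicit default deny

# Constructed sample flows from a LAN client at 192.168.2.50
FLOWS = {
    "DNS to the firewall":        ("192.168.2.50", "192.168.2.1",   "udp", 53),
    "DNS to an outside resolver": ("192.168.2.50", "203.0.113.53",  "udp", 53),
    "HTTPS to an outside host":   ("192.168.2.50", "198.51.100.10", "tcp", 443),
}

if __name__ == "__main__":
    for name, flow in FLOWS.items():
        num, action = evaluate(*flow)
        print(f"{name:28} -> rule {num}, {action}")
```

Only port 53 traffic to something other than the LAN address is stopped by rule 3; other traffic still reaches rule 4, so a client whose resolver is not the firewall loses name resolution rather than connectivity. The counters in the quoted table are consistent with that: rule 2 shows 0 B while rule 3 shows 21 KiB.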