This video is much appreciated. It was nice to see a simple approach to pfSense firewall rules with explanations of what we were setting up. Thank you for a great video!

I shared it with my wife, but she didn't care. Never mind. Great video!

Dude this was brilliant. Perfect pace and explanation. You got a subscriber here!

Thanks very much for this video. First video shows some new techniques that others have not shown

Exactly what I was looking for, I kept hitting roadblocks with unifi vlans, this is a much better approach!

This type of rule is clear now thanks to your approach, well done. Thank you, subscribed!!!

Man you saved me so much more frustration, I was trying to separate my IoT devices and when I block access from IoT to Lan I had no internet...no matter what I did and firewall rules I set, change etc. it wouldn't work. I watched your video and it was fixed. Didn't allow DNS to the Lan network, did it and bam all is working. I was about to reinstall my Opnsense firewall. Thanks to your video it's all fixed. Thanks a lot. :)

very clear. love the way you explain.

Thank you man. you explained it very well. I suggest make a video about IPS/IDS using pfsense

Thanks for this clear and great demonstration. Have a great day

I love this video. I am learning here. Thanks so much. 😊

Thank you - measured clear and good information

Short and sweet. And really helpfull. Many thanks. Ideas?: any advice on hoy to deal with IoT traffic will be much..very much appreciated

Mate is a very good video!!! Im going to search more videos, Im trying to learn a lot of pfsense. Grettings from Mexico

Thank you! Been looking for a while to find out how to do this...

HI, I have a 3cx phone switch on my network. I need to limit access to the sip provider on port 5060 UDP and 5061 TCP - and whitelist or limit access to the wan on those ports and those ip's only. Nothing else ingress/egress on those ports. - Just a suggestion. Great Job thanks JB

3:29 That way you are still allowing any traffic trough chosen gateway, which includes private networks in WAN net. If your WAN is not an Internet directly but something like LAN of ISP router (not all ISPs allow bridge mode on their devices), then you would allow Guest net to access management interface of ISP device.. Instead make an RFC1918 networks alias and use "allow Guest net to NOT RFC1918" rule.

great video, I really get it and understand due to your excellent explanation. Can you do for openvpn that can access LAN resources and webserver? thank you in advance.

I would love to see how you handle notifications

This is a brilliant tutorial - many thanks. The gateway trick is very useful. However would you be kind enough to show us how you setup the virtual machines in Virtualbox? That way we can setup our own firewall test-beds to check the firewall rules / DNS / web access etc is working - for example we could emulate a guest user but make sure the guest can't access the firewall admin page etc. I hope that's ok, many thanks in advance.

Oh thats fab! ..my preconfigured captive portal worked too ;)

I would like to see something on managing firewall certificates with letsencrypt, hadoop, acme, and dynamic DNS. Thanks.

thank you very much man

great information. thanks!

Only found this now (great), how about adding VLANs to the mix where you only have one LAN and one WAN port on the router. And then have 3 VLANs; LAN, GUEST and IoT. Thanks.

Great! Very clear explanation. Could you please delve a bit deeper into this matter and make more tutorials, on port forwarding too? Thanks

Brilliant Video, keep them coming :-)

I'm in the process of setting up pf Sense on my network, I like this idea of the separation of Io T from the rest of the network. I currently have approx 35 odd devices including smart bulbs, cameras and so forth. I would also like to restrict the wireless access from the rest of the network except for specific computers. Do you have any suggestions on the best approach to this? I'm thinking, if someone was to gain access via wireless, they could potentially have access to the whole network. Your thoughts would be greatly appreciated. Again, thanks for the videos that you have done, very easy to follow.

An explanation as to why the first rule where you add the gateway works would be nice. Also would it not be possible to just prevent management access to the firewall (ssh/443 etc) but removing the guest interface from the available interfaces for management?

Great video thank you so much. What about Management VLANS for network devices? How do you prevent them from reaching the internet? I blocked the WAN IP and I'm still able to ping the outside DNS from the remote VLAN.

Could you explain OSPF configuration in pfSense, please? Also connection between Mikrotik router and pfSense, please

Thanks! Awesome job.

great video, thanks.

How could I diagnose a problem with a TV decoder connected directly via RJ45 to my pfSense ? Channels, if they load at all, load very slowly. For example, if I switch to channel 5 (e. g. BBC) on remote control, I see a black screen for 30 seconds and then the content appears, sometimes the content will not appear and I see a black screen with text information about what content is currently transmition on this channel. My configuration is an ISP router switched to bridge mode, pfSense is connected to it. I have basic firewall rules with DHCP (as DNS here I put IP of my pfSense and DNS of my ISP and Google DNS) The situation is strange, if I plug-in another router instead of pfSense, the contents on all channels loading quickly. I tried to reinstall pfSense but it didn't help. What can this delay or not load the content be due to, could you suggest how to diagnose it ?

Awesome man

How does DHCP work if hosts are blocked from communicating with the firewall? Does it work because technically the host is communicating with the broadcast address? How does the DNS resolver service work when access to ‘this firewall’ is rejected? Must DNS be configured on the host machine and go directly to the internet? (Ie... 8.8.8.8 or whatever) I wonder if you have to open up udp/tcp 53 from guest to the firewall in order to take it vantage of the builtin dns forward/resolver. I do allow ICMP from hosts to their own gateways so at least if theres a connection issue, you can test whether it’s the host or the network.

Hi there, how we can create a firewall rule on pfsense for block all incoming traffic from outside or internet to our network for more security ,but from inside network everyone can accessto internet. If it possible please make a tutorialabout it . thnx

That’s great but still can’t figure out how to manage Wi-Fi/dhcp devices. By group or profiles, even MAC address. IE, all the kids iPad, school computers, block all social media sites connecting to Wi-Fi bridge mode.

Did you already made a video about Link Aggregation? Like converting LAN to LAGG with out using new interface?

Thanks so much.

Is it possible to make the 2 VPN clients connected on single VPN server and using 2 different ports (1194, 1195) be able to see each other on network?

I need help providing internet connection to my Virtual Box for my pfsense for Ubuntu. I need the internet connection to download packages from pfsense. PLEASE HELP!!!!!!!

How about the LAN side. What should it look like for MAX usage and security?

How to Block LAN IP Address to LAN IP Address, (in the same interface LAN) example: 192.168.0.10 to 192.168.0.20

Will the reject tule block the traffic to the firewall external IP assigned by DDNS ?

hi sir after i was add the new rule in guest interface, i still not able to ping lan network,,

Lopez Paul Anderson Michelle Miller George

Subscribed. Thank you.