Any way to bypass firewall for a local-access only NIC?

I have two NICs in my home media computer. One NIC serves the local network with ZERO connectivity to the outside internet. The second NIC is used for internet browsing, etc.

What I’d like to do, if possible, is bypass the firewall on the local network NIC, so that any traffic to and from the machine on that NIC is not being monitored by CIS’ firewall.

You can un-tick the firewall driver from your NIC, see screenshot. The benefit is that nothing will be monitored on that adapter so it doesn’t need to filter for allow/deny but that is also the con.

I guess there are other ways like creating a global allow rule for the IP ranges within the local network only and then creating a global block rule for all other traffic.

[attachment deleted by admin]

I would go with allowing the traffic to and from the local network rather than complete disabling the network driver.

That doesn’t really clear the criteria though. Even if you make rules to allow all the traffic on that NIC, the firewall is not bypassed and all the traffic is still monitored, just allowed, but it still has to check the traffic to see if it’s allowed.

And since OP wants all traffic to and from that NIC to be allowed, then why have the firewall active for that NIC at all? Having the firewall still active and monitoring that traffic is just a waste of CPU time since everything is allowed anyway.

Just my opinion.

I think the following would work, but you will need to create two global rules, one for the internet NIC and one for the non-internet NIC.

RULE 1 (Internet NIC)
Action : ALLOW
Protocol : TCP or UDP
Direction : IN/OUT
Description : What ever you want to call this rule
Source Address : (EXCLUDE OFF) MAC ADDRESS of your internet NIC
Destination Address : (EXCLUDE OFF) ANY
Source Port : ANY
Destination Port : ANY

This rule allows IN/OUT traffic from the internet NIC.

RULE 2 (Non-internet NIC)

Action : BLOCK
Protocol : TCP or UDP
Direction : IN/OUT
Description : What ever you want to call this rule
Source Address : (EXCLUDE ON) MAC ADDRESS of your non-internet NIC
Destination Address : (EXCLUDE ON) IPV4 ADDRESS RANGE covering the subnet of the non-internet NIC
Source Port : ANY
Destination Port : ANY

This rule blocks all traffic from the non-internet NIC except to/from other NICs on the same subnet.

Rule 1 needs to be at the top of the rules list.
Rule 2 needs to be immediately below Rule 1 in the rules list.

Two rules are required as you are trying to differentiate between two traffic streams.

Please closely examine any existing rules you may have prior to implementing/testing these rules.

Please test and report the results back here in case someone else has a similar issue.

Hope this helps,
Ewen :)
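To see how the two global rules above interact with rule order and the EXCLUDE toggles, here is a first-match simulation of them. This is an added example, not code from CIS or from the post; the MAC addresses, the 192.168.50.0/24 subnet and the sample packets are made up, and the model assumes that the MAC "Source Address" selector names the local adapter the packet crosses, that the "Destination Address" selector is matched against the remote peer's IP, that EXCLUDE ON simply inverts a selector, and that rules are evaluated top to bottom with the first match winning and no match falling through to the application rules.

```python
"""Added example (not CIS code): first-match simulation of the two global rules
listed above, to show how rule order and the EXCLUDE toggles decide which traffic
is allowed, blocked, or left for the application rules.

Modelling assumptions (all constructed for this example):
- the MAC 'Source Address' selector names the local adapter the packet crosses;
- the 'Destination Address' selector is matched against the remote peer's IP;
- EXCLUDE ON inverts a selector (matches everything except the given value);
- rules are evaluated top to bottom, first match wins, no match falls through.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# Assumed adapters and subnet for the two-NIC machine in the question.
INTERNET_NIC = "00:11:22:33:44:55"
LOCAL_NIC = "66:77:88:99:aa:bb"
LOCAL_SUBNET: IPv4Network = ip_network("192.168.50.0/24")


@dataclass(frozen=True)
class Packet:
    adapter_mac: str   # local NIC the packet enters or leaves on
    direction: str     # "in" or "out"
    protocol: str      # "tcp", "udp", "icmp", ...
    peer_ip: str       # the remote endpoint


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    protocols: frozenset
    directions: frozenset
    adapter: Optional[str]           # MAC selector, None = any
    adapter_exclude: bool            # the EXCLUDE toggle on the source address
    peer_net: Optional[IPv4Network]  # destination selector, None = any
    peer_exclude: bool               # the EXCLUDE toggle on the destination address

    def matches(self, pkt: Packet) -> bool:
        if pkt.protocol not in self.protocols or pkt.direction not in self.directions:
            return False
        if self.adapter is not None:
            hit = pkt.adapter_mac.lower() == self.adapter.lower()
            if hit == self.adapter_exclude:  # EXCLUDE ON flips the sense of the selector
                return False
        if self.peer_net is not None:
            hit = ip_address(pkt.peer_ip) in self.peer_net
            if hit == self.peer_exclude:
                return False
        return True


TCP_UDP = frozenset({"tcp", "udp"})
IN_OUT = frozenset({"in", "out"})

# The two rules as listed in the post: Rule 1 with EXCLUDE OFF on both
# address selectors, Rule 2 with EXCLUDE ON on both.
RULE1 = Rule("Rule 1 (Internet NIC)", "allow", TCP_UDP, IN_OUT,
             INTERNET_NIC, False, None, False)
RULE2 = Rule("Rule 2 (Non-internet NIC)", "block", TCP_UDP, IN_OUT,
             LOCAL_NIC, True, LOCAL_SUBNET, True)


def evaluate(rules, pkt: Packet) -> Optional[str]:
    """Action of the first rule that matches pkt, or None when no global rule
    matches and the decision falls through to the application rules."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return None


# Constructed sample traffic (assumed addresses).
SAMPLE = {
    "internet_nic_to_web": Packet(INTERNET_NIC, "out", "tcp", "93.184.216.34"),
    "local_nic_to_lan": Packet(LOCAL_NIC, "out", "tcp", "192.168.50.20"),
    "local_nic_to_wan": Packet(LOCAL_NIC, "out", "udp", "8.8.8.8"),
    "third_adapter_inbound": Packet("de:ad:be:ef:00:01", "in", "tcp", "10.0.0.5"),
    "ping_on_internet_nic": Packet(INTERNET_NIC, "in", "icmp", "93.184.216.34"),
}


def classify(rules, sample=SAMPLE) -> dict:
    """Map each sample packet name to the global-rule verdict under `rules`."""
    return {name: evaluate(rules, pkt) for name, pkt in sample.items()}


if __name__ == "__main__":
    for order, label in [((RULE1, RULE2), "Rule 1 above Rule 2"),
                         ((RULE2, RULE1), "Rule 2 above Rule 1")]:
        print(label)
        for name, verdict in classify(order).items():
            print(f"  {name:24s} -> {verdict or 'no match (application rules decide)'}")
```

With Rule 1 above Rule 2 the internet NIC's TCP/UDP traffic is allowed; swap the two and Rule 2, whose excluded MAC selector matches every adapter other than the local NIC, sees that same traffic first and blocks it, which is why the post puts Rule 1 at the top. In this model the local NIC's own traffic, whether to the subnet or beyond, matches neither rule and is left to the application rules, because EXCLUDE ON on the MAC selector makes Rule 2 skip that adapter, and ICMP is untouched by both rules since they only name TCP or UDP. The model's reading of EXCLUDE is an assumption, so checking each toggle in the CIS dialog against the rule descriptions before relying on the rules is worth the effort, as the post itself advises.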

The firewall imposes a far lower overhead than the other components of CIS. If a reduction in latency is the desired outcome it would make more sense to turn off the other components but they cannot be disabled on a per-NIC basis as they are more file system and memory focussed.

Ewen :)