How to Block WAN but Allow LAN (incl. or excl. SMTP)?

Hello, how should I set Firewall rulesets, so as to Block WAN but Allow LAN (incl. or excl. SMTP respectively)?

Hi patwwh,

Thank you for reporting. Kindly refer to the link below.


I don’t understand the link. It doesn’t tell how to define a zone for internet.
I also asked the question earlier here

EDIT: I think he wants to only allow LAN. To do that use rule then a rule block all other (Block IP IN/OUT Any Any Any)


I think there is a basic misunderstanding behind your request.

You say you want to

  1. to Block WAN but Allow LAN (incl. or excl. SMTP respectively)
  2. define a zone for internet

LAN = Local Area Network - with the emphasis on LOCAL. Your LAN is everything on the inside of your router/modem
WAN = Wide Area Network - pretty much everything on the other side of your router - www, email, FTP - all the good things.

If you block WAN and only allow LAN - you’ve just blocked all the good stuff.

Re. the other half of your original request where you say “but Allow LAN (incl. or excl. SMTP respectively)”, unless you are running an SMTP (email) server on the interior of your LAN and only ever send emails to other people on the inside of your LAN, all SMTP (outbound email) requests will need access to the WAN.

You can’t have your cake and eat it too without getting exceptionally complex in your rules, zones and exceptions schema.

Without using terms like LAN, WAN or SMTP, can you rephrase your request in plain English, explaining exactly what you are trying to achieve, and I’ll see what we can work out.

Ewen :)