Inbound Deny Posture

Deny all unsolicited inbound traffic from WAN to LAN, enforcing a secure baseline posture.

Tools Used

OPNsense Firewall
Firewall Rules (WAN → LAN)
Log Viewer
Diagnostics: Port Scan / External Reachability Tests

Steps Taken

Verified default deny posture on WAN rules.
Added explicit block/log rules for clarity.
Tested inbound reachability from external host (SSH/HTTP attempts).
Confirmed traffic blocked and logged.
Validated LAN services remained accessible internally.

Screenshot: WAN Rules

WAN rules showing inbound deny posture — WAN rules configured to block/log all inbound traffic.

Screenshot: Inbound Attempt

External test showing inbound blocked — External attempt to connect was denied.

Screenshot: Blocked Inbound Traffic

Firewall logs showing blocked inbound traffic — Firewall logs confirm inbound traffic blocked.

Screenshot: LAN Access

Internal LAN access test — Internal LAN services remain accessible.

Outcome

Inbound traffic denied by default, with explicit block/log rules documented. External scans confirmed no exposed services. Internal LAN access unaffected. This demonstrates secure baseline posture.