Outbound Rule Hardening

Restrict outbound traffic to essential services (HTTPS/DNS) and block/log all other traffic.

Tools Used

OPNsense Firewall
Firewall Rules (LAN → WAN)
Diagnostics: Ping/Traceroute
Log Viewer

Steps Taken

Created explicit allow rules for HTTPS (TCP/443) and DNS (UDP/53).
Added final block/log rule for all other LAN → WAN traffic.
Validated HTTPS browsing and DNS lookups worked.
Confirmed non-allowed outbound traffic was blocked and logged.

Screenshot: LAN Rules

LAN rules showing HTTPS/DNS allow and block/log rule — Click to view full-size: LAN rules configured for outbound hardening.

Screenshot: HTTPS Allowed

Browser test showing HTTPS access — Click to view full-size: HTTPS browsing validated successfully.

Screenshot: DNS Allowed

DNS lookup result — Click to view full-size: DNS resolution validated successfully.

Screenshot: Blocked Traffic

Log viewer showing blocked outbound traffic — Click to view full-size: Blocked outbound traffic logged for non-allowed ports.

Outcome

Outbound traffic restricted to HTTPS and DNS only. All other traffic blocked and logged, demonstrating least-privilege enforcement.