Simply deny access to internet for a client
-
1: Create an alias with all the IP's you want blocked.
2: Create on LAN (or on whichever interface your clients are) a block rule ABOVE your pass rule with as source your alias.
-
Hi!
It is fantastic!
Thank you very much! :-* ;D
pfSense is the best !!! - YEAH -
i am newbie of pfsense too. version using now is pfsense 1.2release.
i had block internet through LAN and it quite ok at the beginning. but in this few days i found ppl using internet whn the internet block was active.
funny thing is i cant ping or tracert but it can go online to any website.
wat can i do to solve this? -
Make sure the client still has the same IP that it had when you added the block.
Another option to block Clients at LAN is enabling the captive portal btw. You can whitelist clients that don't need authentication either by IP or macadress this way. All other clients will be caught by the captive portal page, so you could even temporarily log them in by entering a username and password if you need it for installing an upgrade for example.
-
i very sure the IP was correct…i cant ping any web, but i stil can access those web i ping, since i hv to find out whr thy go therefore i tracert the web like google, it cant get any signal but stil can go on search at google in web browser.
-
Maybe you only have blocked protocol ICMP in your rule?
-
in the rules i block all protocol, and only allow thm go to 2 lan IP, 1 is the lecturer pc and 1 is the file server
-
Could you show a screenshot of your rules?
-
here is the LAN rules
-
Can you please retest with the schedules for this rule disabled? Does it work then? Though I have to admit that I don't fully understand that rule atm ;)
Also is that destination a single IP or a complete subnet? It has no subnetmask and the IP itself is a network IP, not a host IP.
-
ok…i had try the 1st rules which is no scheduler involve ...but same result
-
i was using same setting for 1.2 beta version without problem..after update to 1.2 release version n
restore config and it cant work til now. -
the last thing i test was disable the transparant proxy.n thn whn i connect to web it time out, actaually it quite close to wat i want….but it cant work wit the schedules