Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Simply deny access to internet for a client

    Scheduled Pinned Locked Moved General pfSense Questions
    14 Posts 4 Posters 4.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • GruensFroeschliG
      GruensFroeschli
      last edited by

      1: Create an alias with all the IP's you want blocked.

      2: Create on LAN (or on whichever interface your clients are) a block rule ABOVE your pass rule with as source your alias.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      1 Reply Last reply Reply Quote 0
      • B
        boppzoli
        last edited by

        Hi!
        It is fantastic!
        Thank you very much!  :-*    ;D
        pfSense is the best !!!  -  YEAH

        1 Reply Last reply Reply Quote 0
        • A
          angelcat
          last edited by

          i am newbie of pfsense too. version using now is pfsense 1.2release.
          i had block internet through LAN and it quite ok at the beginning. but in this few days i found ppl using internet whn the internet block was active.
          funny thing is i cant ping or tracert but it can go online to any website.
          wat can i do to solve this?

          1 Reply Last reply Reply Quote 0
          • H
            hoba
            last edited by

            Make sure the client still has the same IP that it had when you added the block.

            Another option to block Clients at LAN is enabling the captive portal btw. You can whitelist clients that don't need authentication either by IP or macadress this way. All other clients will be caught by the captive portal page, so you could even temporarily log them in by entering a username and password if you need it for installing an upgrade for example.

            1 Reply Last reply Reply Quote 0
            • A
              angelcat
              last edited by

              i very sure the IP was correct…i cant ping any web, but i stil can access those web i ping, since i hv to find out whr thy go therefore i tracert the web like google, it cant get any signal but stil can go on search at google in web browser.

              1 Reply Last reply Reply Quote 0
              • H
                hoba
                last edited by

                Maybe you only have blocked protocol ICMP in your rule?

                1 Reply Last reply Reply Quote 0
                • A
                  angelcat
                  last edited by

                  in the rules i block all protocol, and only allow thm go to 2 lan IP, 1 is the lecturer pc and 1 is the file server

                  1 Reply Last reply Reply Quote 0
                  • GruensFroeschliG
                    GruensFroeschli
                    last edited by

                    Could you show a screenshot of your rules?

                    We do what we must, because we can.

                    Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

                    1 Reply Last reply Reply Quote 0
                    • A
                      angelcat
                      last edited by

                      here is the LAN rules

                      a.JPG
                      a.JPG_thumb

                      1 Reply Last reply Reply Quote 0
                      • H
                        hoba
                        last edited by

                        Can you please retest with the schedules for this rule disabled? Does it work then? Though I have to admit that I don't fully understand that rule atm  ;)

                        Also is that destination a single IP or a complete subnet? It has no subnetmask and the IP itself is a network IP, not a host IP.

                        1 Reply Last reply Reply Quote 0
                        • A
                          angelcat
                          last edited by

                          ok…i had try the 1st rules which is no scheduler involve ...but same result

                          1 Reply Last reply Reply Quote 0
                          • A
                            angelcat
                            last edited by

                            i was using same setting for 1.2 beta version without problem..after update to 1.2 release version n
                            restore config and it cant work til now.

                            1 Reply Last reply Reply Quote 0
                            • A
                              angelcat
                              last edited by

                              the last thing i test was disable the transparant proxy.n thn whn i connect to web it time out, actaually it quite close to wat i want….but it cant work wit the schedules

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.