Block single host
-
Hi
Is it possible to block a single client in a network with pfsense? I have tried assigning a static DHCP IP to the specific machine, and I wrote a rule on the LAN interface (Action: block, Proto: any, Source: single host or alias, the rest are default) and reloaded the filter, but the client can access the connection.
Does anybody have an alternative choice to do so?
Please help
-
What you tried to do seems correct. You could post screenshots to be sure.
Did you reset the states table? All existing connections will continue to work unless you reset states.
-
What connection are you talking about? Yes you can block an IP from accessing anything outside of its network segment that pfsense routes - be it internet or another network segment that connects via pfsense.
I currently prevent a single IP on my LAN from accessing anything other than the websense proxies on 8081, 8082, as a test box to duplicate a customer's setup where their firewall blocks all internet access other than to cloud based websense proxies.
Works great!! I can even turn on logging to get a listing of stuff the client is trying to connect to that for whatever reason is not using the proxy, etc. Great troubleshooting aid.
As mentioned you have to clear the current states after you put in a rule like that, if there is a state already open it could be using that.
-
I did it by assigning a static IP address to the specified MAC address of the system. 10.0.0.1/8 is my LAN network and the DHCP range is 10.0.0.10 to 10.0.0.254; the remaining static IP range is 10.10.10.0/24, and then I made a rule for this network to reject the whole connection, because my wifi password is familiar to everyone. I want to block unwanted systems or mobiles from outsiders. I think it works for me...
This is my setup
Internet connection 10mps broadband : pfsense PPPOE setup on wan : one lan setup : to switch
Here I am using pfsense as router, firewall and proxy; I don't know whether this causes any problem for me. Advice and guidance on handling this great pfsense would be appreciated from all.
-
Is your block rule above the default LAN rule?
-
If you want to separate your wifi and lan traffic, you need to use VLANs or add another NIC to the pfsense firewall. Any device plugged into that switch, can talk to each other. They never go through the firewall.
-
@heavy1metal:
If you want to separate your wifi and lan traffic, you need to use VLANs or add another NIC to the pfsense firewall. Any device plugged into that switch, can talk to each other. They never go through the firewall.
By your word, a VLAN is essential for me to separate my network LAN and wifi. Is it possible to set up a VLAN on a currently configured and working pf system?
Thanks for your great words.
-
Is your block rule above the default LAN rule?
I edited it, but only allow the needed ports on the LAN. Why do you ask me so? Is there any problem here? Please open your words.
-
Yea pfsense supports vlans, I have about 6 setup now.
http://networktechnical.blogspot.com/2007/04/pfsense-how-to-setup-vlans.html
You would need a switch that supports VLAN tagging however.
Otherwise you add another NIC to your firewall, which is probably cheaper/easier to do.
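
Added example, not part of any post in this thread and not pfSense code: a small Python model of the two checks raised in the replies, resetting states after adding a block rule and placing the block rule above the LAN allow rule. The 10.0.0.0/8 LAN and 10.10.10.0/24 range come from the thread; the class and function names, the host 10.10.10.5 and the destination address are constructed for illustration.

```python
import ipaddress

# Constructed model of stateful, first-match filtering on one interface.
# Rules are (action, source network) tuples, evaluated top to bottom.

def evaluate(rules, src):
    """Return the action of the first rule whose source network contains src."""
    addr = ipaddress.ip_address(src)
    for action, network in rules:
        if addr in ipaddress.ip_network(network):
            return action
    return "block"  # nothing matched: default deny


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()  # (src, dst, port) of connections already passed

    def packet(self, src, dst, port):
        key = (src, dst, port)
        if key in self.states:  # existing state: the rules are not consulted
            return "pass"
        action = evaluate(self.rules, src)
        if action == "pass":
            self.states.add(key)
        return action

    def reset_states(self, src=None):
        """Drop all states, or only those created by one source address."""
        self.states = {s for s in self.states if src is not None and s[0] != src}


def demo():
    allow_lan = ("pass", "10.0.0.0/8")        # default LAN allow rule
    block_range = ("block", "10.10.10.0/24")  # range from the thread
    flow = ("10.10.10.5", "203.0.113.7", 443)  # constructed sample flow
    out = []
    fw = Firewall([allow_lan])
    out.append(fw.packet(*flow))     # passes and creates a state
    fw.rules.insert(0, block_range)  # block rule added above the allow rule
    out.append(fw.packet(*flow))     # still passes: the old state matches
    fw.reset_states("10.10.10.5")
    out.append(fw.packet(*flow))     # now blocked
    wrong = Firewall([allow_lan, block_range])  # block rule below allow rule
    out.append(wrong.packet(*flow))  # passes: the allow rule matches first
    return out


if __name__ == "__main__":
    print(demo())
```

Traffic between two devices on the same switch never reaches this model at all, which is the point made in the reply about VLANs or a second NIC.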