Netgate Discussion Forum
    Blocking Internet Access for a Device

Category: Firewalling
6 Posts, 3 Posters, 8.9k Views
iTestAndroid wrote:

      Hello

I have a machine in my network; it has a static IP and a static MAC, so either can work.
I need to block ALL types of internet access for this device: the device shouldn't access the internet, and nothing from the internet should be able to access this device.

But all other devices in my network should see this machine, and this machine should see everyone else in my own network.

I tried to do this using firewall rules like TCP/IP and ALL ports from this IP to WAN denied, from WAN to this device denied, etc.
But none of them worked.

      What should I do? Is it even possible? If yes, how? Please advise.
      Thanks

n3by wrote:

Of course it is possible if you have a static IP for that device.

I assume you have only one LAN; if not, you need to change the rule to allow access to the other LANs (use an alias …) or add, in front of this rule, one pass rule for that device to the other LANs.

Just add a rule to that LAN that will cut all traffic from that IP when it exits the LAN (traffic inside that LAN will not go to the firewall):

        Action - block
        Interface - LAN name
        TCP/IP Version - IPv4/6
        Protocol - any
Source - single host or alias - enter device IP
        Destination - any

Save and clear firewall states, done.

To cut traffic from the internet you can make another rule on WAN with destination to that IP... in case you have open ports.

iTestAndroid wrote:

Thank you! But I tried that already; it just doesn't work.

          I have WAN, LAN, OPT1, OPT2. I have pfSense SG-2440.

The device I'm talking about is in the OPT1 range. I want the device in OPT1 to be able to see everything in LAN and OPT2, and LAN and OPT2 to see the device inside OPT1. But the device in OPT1, 192.168.4.22, shouldn't see the internet.

          I can't get this done!

Derelict (LAYER 8 Netgate) wrote:

So we can get a better idea of what you're doing, what are the rules on OPT1?

            There are a couple different ways to do this. Which way is better depends.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

n3by wrote:

Assuming you don't have some special rules in your LANs, add these rules at the top of the OPT1 rules.

1 - will allow traffic from 192.168.4.22 to LAN
              Action - allow
              Interface - OPT1
              TCP/IP Version - IPv4/6
              Protocol - any
Source - single host or alias - enter device IP 192.168.4.22
              Destination - LAN

2 - will allow traffic from 192.168.4.22 to OPT2
              Action - allow
              Interface - OPT1
              TCP/IP Version - IPv4/6
              Protocol - any
Source - single host or alias - enter device IP 192.168.4.22
              Destination - OPT2

              3 - will block traffic from 192.168.4.22 to any destination
              Action - block
              Interface - OPT1
              TCP/IP Version - IPv4/6
              Protocol - any
Source - single host or alias - enter device IP 192.168.4.22
              Destination - any

Save and clear firewall states, done.

P.S.
You can merge rules 1 and 2 into only one rule if you use an alias containing the LAN and OPT2 networks as destination.

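The rule set above works because pfSense evaluates the rules on the interface where a new connection arrives from top to bottom and stops at the first match, so the two pass rules must sit above the block-any rule. The following added simulation (not code from the thread or from pfSense) walks 192.168.4.22's traffic through n3by's three rules; the LAN and OPT2 subnets and the trailing allow-any rule are assumptions, since the thread names only the device address.

```python
import ipaddress

# Constructed subnets: the thread only names the OPT1 host 192.168.4.22.
LAN = ipaddress.ip_network("192.168.1.0/24")
OPT2 = ipaddress.ip_network("192.168.3.0/24")
DEVICE = ipaddress.ip_address("192.168.4.22")

def _match(field, value):
    """'any' matches everything; a network matches by membership; a host by equality."""
    if field == "any":
        return True
    if isinstance(field, ipaddress.IPv4Network):
        return value in field
    return value == field

# n3by's OPT1 rules, top to bottom. The last rule is an assumed pre-existing
# allow-any that lets the rest of OPT1 keep working.
OPT1_RULES = [
    ("pass", DEVICE, LAN, "1 - allow 192.168.4.22 -> LAN"),
    ("pass", DEVICE, OPT2, "2 - allow 192.168.4.22 -> OPT2"),
    ("block", DEVICE, "any", "3 - block 192.168.4.22 -> any"),
    ("pass", "any", "any", "pre-existing allow-any for other OPT1 hosts"),
]

def evaluate(rules, src, dst):
    """Return (action, rule_label) for a NEW connection entering OPT1.

    First match wins; no match falls to the implicit default deny. Already
    established states bypass the rules, which is why the thread says to
    clear firewall states after saving.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rule_src, rule_dst, label in rules:
        if _match(rule_src, src) and _match(rule_dst, dst):
            return action, label
    return "block", "implicit default deny"

if __name__ == "__main__":
    for dst in ("192.168.1.10", "192.168.3.5", "8.8.8.8"):
        print("192.168.4.22 ->", dst, evaluate(OPT1_RULES, "192.168.4.22", dst))
    # Another OPT1 host is unaffected and still reaches the internet.
    print("192.168.4.50 -> 8.8.8.8", evaluate(OPT1_RULES, "192.168.4.50", "8.8.8.8"))
    # Same rules with the block moved to the top: local access is lost as well.
    misordered = [OPT1_RULES[2]] + OPT1_RULES[:2] + OPT1_RULES[3:]
    print("misordered, 192.168.4.22 -> LAN", evaluate(misordered, "192.168.4.22", "192.168.1.10"))
```

Replies from LAN or OPT2 hosts back to the device ride on the state created by the device's own outbound connection; connections initiated from LAN or OPT2 toward the device are governed by those interfaces' rules, not OPT1's.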
iTestAndroid wrote:

                Thank you very much!
                It did the job!
