Netgate Discussion Forum

    Advice to isolate few known hosts on the same network

      d82k

      Dear all,

      In my home network I have one pfsense (acting also as wifi access point) and I have the following need:
      I have a few known clients which I would like to isolate, meaning allow the access to specific hosts and the internet. At the same time I would like to deny access to other hosts and to the VPN tunnel I have (via pfsense).

      I don't want to create a second wifi network for those devices.

      What would be ideal is to create a group of hosts (by static ip addresses or by mac) and allow access only to a second group of allowed hosts and the internet.
      I know from a security perspective it is not a good solution, but I only need to deny direct connections.

      I appreciate your ideas and suggestions.
      KR,
      dk

        SteveITS Rebel Alliance

        For pfSense to be involved they would need to be on their own network (interface) so traffic between them would cross the pfSense.

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

          d82k

          Hello Steve,
          Clear. Considering that the hosts I want to limit direct connection to certain network resources are all connecting with a static IP to the wifi interface of the pfSense, would it be feasible?

          dk

            JKnott @d82k

            @d82k said in Advice to isolate few known hosts on the same network:

            would it be feasible?

            Unless the traffic actually passes through pfSense, no. If they're all on the same subnet, the traffic will never pass through pfSense, so it can't have any effect.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...
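
The point made in the replies above can be checked on paper before touching any firewall rules. The following is an added example, not code from the thread or from pfSense: it applies the on-link test each host performs with its own address and mask, and lists the deny rules pfSense would never get to evaluate. All host names and addresses are constructed, and the "split" layout (isolated hosts on their own interface and subnet) is an assumed illustration of what SteveITS describes.

```python
import ipaddress
from itertools import product

def on_link(src_if: str, dst_if: str) -> bool:
    """True if dst lies inside src's own subnet: src resolves it with ARP and
    sends the frame directly, so the packet is never handed to the gateway."""
    src_net = ipaddress.ip_interface(src_if).network
    return ipaddress.ip_interface(dst_if).ip in src_net

def classify(isolated: dict, others: dict) -> dict:
    """Map every (isolated host, destination) pair to 'on-link' or 'routed'.
    Only 'routed' flows cross pfSense and can be matched by its rules."""
    return {
        (s, d): "on-link" if on_link(s_if, d_if) else "routed"
        for (s, s_if), (d, d_if) in product(isolated.items(), others.items())
    }

def unenforceable(isolated: dict, denied: dict) -> list:
    """Deny pairs that the firewall cannot enforce because they are on-link."""
    return sorted(p for p, path in classify(isolated, denied).items()
                  if path == "on-link")

# Constructed addressing plan (hypothetical hosts, not from the thread).
DENIED = {"nas": "192.168.1.10/24", "laptop": "192.168.1.20/24"}
ALLOWED = {"printer": "192.168.1.30/24", "internet": "203.0.113.7/32"}

# Layout 1: isolated hosts share the single flat subnet with everything else.
FLAT = {"camera": "192.168.1.50/24", "tv": "192.168.1.51/24"}
# Layout 2 (assumed): isolated hosts sit on their own interface and subnet.
SPLIT = {"camera": "192.168.20.50/24", "tv": "192.168.20.51/24"}

if __name__ == "__main__":
    for name, layout in (("flat", FLAT), ("split", SPLIT)):
        print(name, "denies pfSense cannot enforce:", unenforceable(layout, DENIED))
        print(name, "paths to allowed hosts:", classify(layout, ALLOWED))
```

In the flat layout every intended deny is on-link and therefore invisible to pfSense, while only the internet-bound flow is routed; in the split layout every flow is routed and can be filtered.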
