Netgate Discussion Forum

    Apply a firewall rule for user

    • mohkhalifa

      Dear All,
      why there isn't an option to apply a spastic rule for 1 user or group of users in the source? I'm asking because I'm facing a problem: after applying the Captive Portal, it BLOCKED all the traffic for my LAN network, and the Captive Portal also overrides the firewall rules.
      My scenario is that I want to allow some users in my LAN to access the internet with QoS or a bandwidth limit. On the other hand, the Captive Portal can limit the bandwidth, BUT it will do so for all the LAN devices.
      I kindly need some recommendations.

      • stephenw10 Netgate Administrator @mohkhalifa

        @mohkhalifa said in Apply a firewall rule for user:

        why there isn't an option to apply a spastic rule for 1 user

        A specific rule?

        You just need to limit some users on LAN but leave other users unrestricted?
        You can do that using Limiters as long as you can define a firewall rule to match them. That probably means you need to use static IPs or DHCP leases.

        Steve

        • mohkhalifa @stephenw10

          @stephenw10 Also, the VPN cannot access my LAN network. So, my solution until now, after applying the Captive Portal, is to bypass the unauthenticated by adding some IP addresses and create a separate firewall for them. Is it the right way?

          • stephenw10 Netgate Administrator

            Do you need the captive portal or are you just using it to get bandwidth limiting? You can just use the Limiters it uses directly without having to bother with the captive portal at all.

            • mohkhalifa @stephenw10

              @stephenw10 I need CP, and the problem is that if CP is enabled, all the firewall rules are not working, which means the CP overrides the fw rules!!!!

              • stephenw10 Netgate Administrator

                The captive portal works at layer 2, so yes it will always block traffic that has not been allowed no matter what the layer 3 firewall rules show.

                If you need clients to not have to use the portal, add them to the pass lists in the captive portal setup.

                Steve

                • mohkhalifa @stephenw10

                  @stephenw10 The captive portal is on my LAN network, which means I will add many IPs and subnets and I must configure rules for them all in the firewall. That's right?

                  • stephenw10 Netgate Administrator

                    If you want them to pass the CP without logging in they need to be added to the pass lists there.
                    They will then be subjected to firewall rules on LAN like all the traffic.

                    Steve

                    • mohkhalifa

                      Thanks dear for your kind reply :)

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.