Controlling Guest Access with PFSense

  • Just a question is it possible to prevent clients from talking to each other that are on the same subnet with PFSense. I would like to keep devices from talking to one another except maybe a printer and still allow internet access?

  • Devices on the same subnet can talk to each other on the local switch for the subnet. pfSense does not even see the traffic, so has no chance to filter it.

    For this kind of thing you need to make a separate "guest" subnet on a separate interface (either another physical interface on your pfSense hardware, or using VLANs and have a VLAN switch etc)

    Or something like wireless client isolation and Private VLANs…

    You are looking for layer 2 isolation. pfSense is a layer 3 firewall.

