Can't figure out how to block on LAN
-
Hello,
I am having trouble blocking some applications on my LAN. For example, I have a Plex server installed which I want to allow only for a few hosts set up in an alias.
I have set up the alias and added the IP addresses. To block this I'm trying to use floating rules. I have a WAN/LAN/VPN interface on my pfSense.
The rule I set up looks like this:
Float:
Action: block
interface: LAN
Direction: any
proto: TCP
Source: ComputerAlias
port: any
Destination: plexserver
port: 32400

I have enabled apply directly on match for all my rules.
This obviously didn't work, because I noticed the outgoing IP to my Plex server is not any of the hosts I set up in the alias but it is passing out through the LAN address of the firewall/LAN gw address. It seems to only communicate between those 2 IPs, which leaves me no room to block any hosts using an alias from accessing it; it is either you have a connection or no one has.
How can I get around this and use an alias to block?
I also have the same problem with RDP, I cannot block it… (not for specific hosts, I can block in general but it's not what I'm looking for). Does anyone have any ideas on how to block connections using aliases on a LAN interface?
Thanks!
-
Where are you trying to block it from? A LAN device talking to another LAN device doesn't talk to pfSense. A LAN device would only send traffic to pfSense, i.e. the gateway, to get off the LAN.
If you want to block device A from talking to device B with pfSense, then device A needs to be on a different network than B so the traffic would be handled by pfSense; that could be a physical network segment or just a VLAN. But devices on the same network do not send traffic to their gateway to talk to each other. So how would pfSense block said traffic?
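
The forwarding decision described in the reply above, as an added example that is not part of the original thread: a host picks the most specific matching route, and only destinations reached through the gateway ever cross the firewall. All addresses and the helper names `next_hop` and `firewall_sees` are constructed for illustration.

```python
import ipaddress

def next_hop(routes, dst):
    """Return the gateway a host would use for dst (longest-prefix match).

    routes is a list of (prefix, gateway). A gateway of None means on-link:
    the host ARPs for dst and sends the frame straight to it.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

def firewall_sees(routes, dst, firewall_ip):
    """True only if the host hands packets for dst to the firewall."""
    return next_hop(routes, dst) == firewall_ip

# Constructed sample values (assumptions, not taken from the thread).
FIREWALL_LAN_IP = "192.168.1.1"
CLIENT_ROUTES = [
    ("192.168.1.0/24", None),        # connected LAN subnet, on-link
    ("0.0.0.0/0", FIREWALL_LAN_IP),  # default route via the firewall
]
PLEX_SAME_LAN = "192.168.1.20"   # server on the client's own subnet
PLEX_ON_VLAN = "192.168.20.20"   # server moved to a separate VLAN subnet

def report():
    """Map each candidate server address to whether rules can apply to it."""
    return {
        ip: firewall_sees(CLIENT_ROUTES, ip, FIREWALL_LAN_IP)
        for ip in (PLEX_SAME_LAN, PLEX_ON_VLAN)
    }

if __name__ == "__main__":
    for ip, seen in report().items():
        state = "routed via firewall, rules apply" if seen else "on-link, firewall never sees it"
        print(f"{ip}: {state}")
```

With the server on its own subnet, a rule on the client-facing interface using the alias as source and the server on port 32400 as destination has traffic to act on.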