Can i block specific ip or mac address accessing internet



  • can i block specific ip or mac address accessing internet? how?

    heres my firewall rules;

    action : pass
    Interface: LAN
    Protocol: TCP
    Source: Network / 192.168.2.99/24 (is this correct?)
    Source OS: any
    Destination: any
    Destination port range : http to https
    Schedule: 12:00pm to 1:00pm
    Gateway: load balance

    and

    action : pass
    Interface: LAN
    Protocol: TCP
    Source: Single host or alias / "test" (is this correct?)
    Source OS: any
    Destination: any
    Destination port range : http to https
    Schedule: 12:00pm to 1:00pm
    Gateway: load balance

    i add Aliases name "test" with multiple ip address

    when i reboot pfsense i got this error on starting firewall : invalid argument



  • Create an alias with the adresses that you either want or dont want to be able to
    acess.
    Probably the don't want access as I assume this will be smaller.

    Then create a single rule
    Lan
    Pass
    Source !BlockedIPList
    Destination any
    Port HTTP to HTTP

    Create a second rule covering HTTPS

    You need to remove the rule allowing the entire internal lan out

    This should work..

    Regards

    Mark


Locked