Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can i block specific ip or mac address accessing internet

    Scheduled Pinned Locked Moved Firewalling
    2 Posts 2 Posters 6.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      redrum
      last edited by

      can i block specific ip or mac address accessing internet? how?

      heres my firewall rules;

      action : pass
      Interface: LAN
      Protocol: TCP
      Source: Network / 192.168.2.99/24 (is this correct?)
      Source OS: any
      Destination: any
      Destination port range : http to https
      Schedule: 12:00pm to 1:00pm
      Gateway: load balance

      and

      action : pass
      Interface: LAN
      Protocol: TCP
      Source: Single host or alias / "test" (is this correct?)
      Source OS: any
      Destination: any
      Destination port range : http to https
      Schedule: 12:00pm to 1:00pm
      Gateway: load balance

      i add Aliases name "test" with multiple ip address

      when i reboot pfsense i got this error on starting firewall : invalid argument

      1 Reply Last reply Reply Quote 0
      • B
        bracks
        last edited by

        Create an alias with the adresses that you either want or dont want to be able to
        acess.
        Probably the don't want access as I assume this will be smaller.

        Then create a single rule
        Lan
        Pass
        Source !BlockedIPList
        Destination any
        Port HTTP to HTTP

        Create a second rule covering HTTPS

        You need to remove the rule allowing the entire internal lan out

        This should work..

        Regards

        Mark

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.