block traffic between LAN IP

ravegen

I have LAN ip say 10.0.0.10 and 10.0.0.20

In my firewall rules in LAN INTERFACE, i block and reject all protocol types from 10.0.0.10 to 10.0.0.20 all ports and vice versa. However, I can still ping between those ip and there is still udp connection that a lan messenger uses.

How do you properly block connection between LAN IP's ?

johnpoz

You don't pfsense has ZERO to do with connections between devices on the same network.

Use host firewall, or do something on your switch if its smart and can do ACL's

Move your device to another network/vlan, so the traffic flows over pfsense then you can firewall

SammyWoo

@ravegen As he^ says, traffic between the same subnet don't even go through the firewall. A firewall is basically between the outside (Internet) and the inside (LAN). If your FW has multiple NICs, u can tend create multiple LAN segments (subnets) THEN that can force the FW to interviene. Multiple subnets with all its complications.

And also, repeating what he^ says, some fancy switches have ACL (Access List) that can potentially do what you want.