Restricting Internet Access for Some Clients



  • Hello guys,
    I would like you to help me with the following question:
    I intend to restrict access to the internet to some computers on the network, where I would like to do it as follows:

    • Block access to all sites except the ones I want these clients on the network to have access to, and I'd like to make it associated with the MAC addresses of these clients.
      Thank you in advance for your help.

  • Rebel Alliance Global Moderator

    @giovannio said in Restricting Internet Access for Some Clients:

    > associated with the mac addresses of these clients.

    pfSense is an L3 firewall, not layer 2. So if you want specific devices to be blocked based upon their MAC, set up DHCP reservations so these MACs always get the same IP. Then block them on your LAN rules from getting to the internet.

    Or set up a captive portal where the MACs you want can access, but clients not on the list cannot.

    You could also set up static ARP on pfSense so it will not even talk to the MACs not in the static ARP list, and they would not have internet, etc.

    Some clarification would help determine the best way to skin the cat you're trying to skin. Are they wired or wireless? Do they need access to other local networks that are routed through pfSense? Do you use a proxy? etc. etc. What sort of devices are these devices you do not want to have internet? Could you move them to their own network/VLAN so that whole network/VLAN does not have internet, etc.?

    Another option might be to set up DHCP reservations for the MACs you do not want to have internet and give them a bogus gateway, so no internet, etc. There are lots of ways to skin a cat; you need to know the breed and size and color, etc. to figure out the best way ;) You don't use the same method for your household tabby that you might use for a bobcat or lynx, etc. What you want to do with the skin after you take it off also matters. Are you going to make a coat out of it, or will you use it as a rug in front of your fireplace, etc. ;)



  • @johnpoz said in Restricting Internet Access for Some Clients:

    Hello my friend,
    Thank you for your response.
    Your explanation was very enlightening :)
    I guess I could not explain what I mean.
    I would not want to block access to the internet entirely.
    For example, there is a device where I want to block all websites except for 10 websites that are for work purposes.
    Is there a package that does this?
    Thank you very much.


  • Rebel Alliance Global Moderator

    That would be done via proxy... But its restrictions are not based upon MAC address.
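
The approach from the replies above, modelled as an added example that is not part of the original posts and is not pfSense or proxy code: DHCP reservations pin each MAC to a fixed IP, and a default-deny site allowlist is then applied to those source IPs. The MACs, IPs and domain names are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (not from the thread): MAC -> reserved IP, as a DHCP
# static mapping would pin it, and the work sites a restricted client may reach.
RESERVATIONS = {
    "00:11:22:33:44:55": "192.168.1.50",
    "00:11:22:33:44:66": "192.168.1.51",
}
RESTRICTED_MACS = {"00-11-22-33-44-55"}  # written differently on purpose
ALLOWED_DOMAINS = {"example.com", "intranet.example.org"}


def normalize_mac(mac):
    """Canonical lower-case colon form, so 00-11-.. and 00:11:.. compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def restricted_ips(reservations, restricted_macs):
    """Translate the MAC list into the source IPs an L3 rule or proxy ACL can match."""
    table = {normalize_mac(m): ipaddress.ip_address(ip) for m, ip in reservations.items()}
    wanted = {normalize_mac(m) for m in restricted_macs}
    missing = wanted - set(table)
    if missing:
        # Without a reservation the client's IP can change and the rule stops matching.
        raise LookupError(f"restricted MAC without DHCP reservation: {sorted(missing)}")
    return {table[m] for m in wanted}


def domain_allowed(host, allowed):
    """Exact match or subdomain on a label boundary (badexample.com != example.com)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def decide(src_ip, host, restricted, allowed=ALLOWED_DOMAINS):
    """Default-deny for restricted sources; other clients are not filtered here."""
    if ipaddress.ip_address(src_ip) not in restricted:
        return "allow"
    return "allow" if domain_allowed(host, allowed) else "deny"
```

The decision is keyed on the source IP, so it only holds while the restricted device keeps its reserved address.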



  • Thank you! :)


  • Rebel Alliance Global Moderator

    I don't think you understand the thread, protar. He is not talking about a Mac computer; he is talking about the MAC addresses of multiple devices, etc.