Netgate Discussion Forum

    How to block access to gateway modem's local ip address

    • gboone

      I got a new cable modem last week. Not super happy with the device - it's one of those Wi-Fi combo Arris models. The Wi-Fi is turned off, and I have no problem with traffic passing through.

      However, the device has local 192.168.0.1 & .100.1 access, and I want to shut down any access to those addresses and/or subnets. None of my interfaces on pfSense use the default subnets on the device. After attempting to block all access to these subnets, I realized it's not possible with typical methods because the gateway modem is listening for it, and all interfaces get access to the gateway.

      Is there an alternative/creative method for blocking local access to this device?

      Another way to ask the question is: despite normal firewall settings, is there a feature that permits killing any states, etc. which include a specific IP address? I would imagine that this is a unique situation given that it's coming from the gateway.

      Also, pfSense sits above a Proxmox hypervisor and has its own physical Ethernet card, and I tried adjusting the Proxmox firewall for the pfSense interface so it would block incoming traffic from the modem IP address(es) on the pfSense interface, but it didn't work.

      Thanks for any help or ideas to try.

      • gboone @gboone

        @gboone I found this discussion from a couple of years ago. I will try to create an interface with the modem's subnet and then block everything to the interface with no machines running on that interface and see if it works.

        • gboone

          Solved: I created a new interface and made the interface IP address equal to the local address of the cable modem. The interface can be pinged, but now all local interfaces on the network will resolve to the new interface IP address, instead of the cable modem IP address.

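The first post asks how to find states that include a specific IP address. The following is an added example, not part of the thread and not Netgate code: it scans saved `pfctl -ss` output for states that touch the modem's management addresses, matching whole addresses so that 192.168.100.10 is not mistaken for 192.168.100.1. Assumptions: ".100.1" is read as 192.168.100.1, and the interface names, LAN range and state lines are constructed samples.

```python
import ipaddress
import re

# Assumption: the post's "192.168.0.1 & .100.1" means these two addresses.
MODEM_ADDRS = {ipaddress.ip_address("192.168.0.1"),
               ipaddress.ip_address("192.168.100.1")}
# Hypothetical LAN range; the thread does not give the real subnets.
LAN_NET = ipaddress.ip_network("10.10.0.0/16")

# Constructed sample in the style of `pfctl -ss` output (not a real capture).
SAMPLE_STATES = """\
igb1 tcp 10.10.1.25:51544 -> 192.168.100.1:80       ESTABLISHED:ESTABLISHED
igb0 tcp 198.51.100.7:23101 (10.10.1.25:51544) -> 192.168.100.1:80       ESTABLISHED:ESTABLISHED
igb1 udp 10.10.1.30:40112 -> 9.9.9.9:53       MULTIPLE:SINGLE
igb1 icmp 10.10.2.14:3021 -> 192.168.0.1:3021       0:0
igb1 tcp 10.10.1.25:51600 -> 192.168.100.10:443       FIN_WAIT_2:FIN_WAIT_2
"""

# An IPv4 address with an optional :port suffix.
IPV4_ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?")

def modem_states(text, modem_addrs=MODEM_ADDRS):
    """Return (interface, proto, peers, line) for each state touching the modem."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:          # skip blank or truncated lines
            continue
        addrs = set()
        for m in IPV4_ENDPOINT.finditer(line):
            try:
                addrs.add(ipaddress.ip_address(m.group(1)))
            except ValueError:       # e.g. an octet above 255
                continue
        if addrs & modem_addrs:      # exact address match, not substring
            peers = sorted(str(a) for a in addrs - modem_addrs)
            hits.append((fields[0], fields[1], peers, line.strip()))
    return hits

def lan_clients(hits, lan=LAN_NET):
    """LAN hosts that currently hold a state to a modem address."""
    return sorted({p for _, _, peers, _ in hits for p in peers
                   if ipaddress.ip_address(p) in lan})

if __name__ == "__main__":
    found = modem_states(SAMPLE_STATES)
    for iface, proto, peers, _ in found:
        print(f"{iface:6} {proto:5} peers={peers}")
    print("LAN clients reaching the modem:", lan_clients(found))
```

An empty result after a rule or interface change indicates that no client currently holds a state to the modem's management addresses.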
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.