How to block access to gateway modem's local ip address



  • I got a new cable modem last week. Not super happy with the device - it's one of those wifi combo arris models. The wifi is turned off, and I have no problem with traffic passing through.

    However, the device has local 192.168.0.1 & .100.1 access, and I want to shut down any access to those addresses and/or subnets. None of my interfaces on pfsense use the default subnets on the device. After attempting to block all access to these subnets, I realized it's not possible with typical methods because the gateway modem is listening for it, and all interfaces get access to the gateway.

    Is there an alternative/creative method for blocking local access to this device?

    Another way to ask the question is: despite normal firewall settings, is there a feature that permits killing any states, etc. which include a specific ip address? I would imagine that this is a unique situation given that it's coming from the gateway.

    Also, pfsense sits above a proxmox hypervisor and has its own physical ethernet card. I tried adjusting the proxmox firewall for the pfsense interface so it would block incoming traffic from the modem ip address(es) on the pfsense interface, but it didn't work.

    Thanks for any help or ideas to try.



  • @gboone I found this discussion from a couple of years ago. I will try to create an interface with the modem's subnet and then block everything to the interface with no machines running on that interface and see if it works.



  • Solved: I created a new interface and made the interface ip address equal to the local address of the cable modem. The interface can be pinged, but now all local interfaces on network will resolve to the new interface ip address, instead of the cable modem ip address.