Advice to isolate few known hosts on the same network



  • Dear all,

    In my home network I have one pfsense (acting also as wifi access point) and I have the following need:
    I have a few known clients which I would like to isolate, meaning allow the access to specific hosts and the internet. At the same time I would like to deny access to other hosts and to the VPN tunnel I have (via pfsense).

    I don't want to create a second wifi network for those devices.

    What would be ideal is to create a group of hosts (by static ip addresses or by mac) and allow access only to a second group of allowed hosts and the internet.
    I know from a security perspective is not a good solution but I only need to deny direct connections.

    I appreciate your ideas and suggestions.
    KR,
    dk



  • For pfSense to be involved they would need to be on their own network (interface) so traffic between them would cross the pfSense.



  • Hello Steve,
    Clear, considering that the hosts i want to limit direct connection to certain network resources are all connecting with a static ip to the wifi interface of the pfsense would it be feasible?

    dk



  • @d82k said in Advice to isolate few known hosts on the same network:

    would it be feasible?

    Unless the traffic actually passes through pfSense, no. If they're all on the same subnet, the traffic will never pass through pfSense, so it can't have any effect.