Blocking an printer from the internet.
-
This post is deleted!
-
Give it a static IP address. Create a new Alias and put all local, non-internet IP address ranges in that alias. Then, finally, create a firewall rule on the same subnet as the printer and deny it access to any network besides those in the alias from above.
If you need the exact steps, let me know, I have them all typed out in detail somewhere here already.
Jeff
-
@PaniniStealer
Here it is, found it:
https://forum.netgate.com/topic/137301/block-internet-access-on-some-machines-belonging-to-lan/4
Jeff
-
This post is deleted!
-
Let's go thru the steps in more detail:
1. Set a static IP address for the printer. You have to do this in pfSense, not on the printer. From your screenshot, this looks like you gave it IP address 192.168.1.88, and that looks good.
2. Create an alias for all the private networks, there are only 3.
3. Create a blocking firewall rule using the alias and the printer.
In your screenshot, I'm not sure what you mean by the "printer_enzo" alias. You say computers are in there, but the alias should look like my screenshot, in step 2. It's not actually computers that should be in there, but instead the private networks. See more info here: https://whatismyipaddress.com/private-ip
This will be a tough rule to actually check - your printer may never, even all by itself, communicate out to the internet.
Hope that helps.
Jeff
-
@akuma1x said in Blocking an printer from the internet.:
Set a static IP address for the printer. You have to do this in pfsense, not on the printer.
It should also be possible to use static DHCP mapping, to assign a static address to a MAC address.
-
This post is deleted!
-
Wrong.
Enemy number one on your network would be your own pad, phone and PCs.
Servers and the like are next.
Other devices : if you don't want them to check the net for possible firmware updates etc., fix their IPs with DHCP MAC leases, and list all these IPs in an alias. Place a firewall rule on top that blocks all outgoing connections FROM these IPs. Done.
Keep in mind : you should check if these devices have 'innocent' services built in like NTP. If possible, set up the devices so they can use pfSense as an NTP source.
Have the blocking firewall rule log blocked connections : you'll know if they want to go outside, and where they want to go.
Btw : think about it : you invest in a printer brand, putting a 6 or (far) more digit number into it to design and commercialise. Then some kid comes along, and does the easy check and finds out : the device calls home, communicating private data. It will hit CNN right away. Your brand, investment, everything, down the drain.
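Following up on the logging suggestion above (an added example, not part of the original post): a Python sketch that reads firewall log lines and counts where the printer tried to go outside the private-network alias. It assumes the comma-separated IPv4 filterlog field layout noted in the comments and the 192.168.1.88 printer address from this thread; the sample lines, interface name and rule numbers are constructed.

```python
import ipaddress
from collections import Counter

# The "private networks" alias from the thread: the three RFC 1918 ranges.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PRINTER = "192.168.1.88"  # printer address mentioned in the thread

# Constructed sample lines. Assumed IPv4 field layout after the syslog prefix:
# 0 rule, 4 interface, 6 action, 7 direction, 8 IP version, 16 protocol,
# 18 source, 19 destination, 20 source port, 21 destination port.
SAMPLE_LOG = """\
Oct  1 12:00:01 fw filterlog[411]: 5,,,1700000001,em1,match,block,in,4,0x0,,64,1001,0,DF,17,udp,76,192.168.1.88,203.0.113.10,123,123,56
Oct  1 12:10:01 fw filterlog[411]: 5,,,1700000001,em1,match,block,in,4,0x0,,64,1002,0,DF,17,udp,76,192.168.1.88,203.0.113.10,123,123,56
Oct  1 12:11:30 fw filterlog[411]: 5,,,1700000001,em1,match,block,in,4,0x0,,64,1003,0,DF,6,tcp,60,192.168.1.88,198.51.100.7,49152,443,0,S,1234567,,64240,,mss
Oct  1 12:12:00 fw filterlog[411]: 9,,,1700000002,em1,match,pass,in,4,0x0,,64,1004,0,DF,6,tcp,60,192.168.1.88,192.168.1.10,49153,445,0,S,7654321,,64240,,mss
Oct  1 12:13:00 fw filterlog[411]: 5,,,1700000001,em1,match,block,in,4,0x0,,64,1005,0,DF,17,udp,76,192.168.1.20,203.0.113.10,123,123,56
Oct  1 12:14:00 fw some unrelated daemon message
"""

def in_alias(ip):
    """True if ip falls inside one of the private networks in the alias."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

def blocked_destinations(log_text, device=PRINTER):
    """Count blocked IPv4 packets from device to destinations outside the alias."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split("]: ", 1)[-1].split(",")  # drop syslog prefix if present
        if len(fields) < 20 or fields[8] != "4" or fields[6] != "block":
            continue
        src, dst, proto = fields[18], fields[19], fields[16]
        try:
            if src != device or in_alias(dst):
                continue
        except ValueError:  # malformed address field
            continue
        dport = fields[21] if proto in ("tcp", "udp") and len(fields) > 21 else "-"
        hits[(dst, proto, dport)] += 1
    return hits

if __name__ == "__main__":
    for (dst, proto, dport), n in blocked_destinations(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {dst}  {proto}/{dport}")
```

Repeated udp/123 hits like the ones in the sample are the NTP case mentioned above, which goes away once the device uses pfSense as its time source.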
-
@JoseDiaz said in Blocking an printer from the internet.:
I agree with you that a printer connected to a Wi-Fi network is unreliable. As far as I know, they don't have the same protection as computers.
Lol another "rogue account" is my guess here. These generic responses with accounts that have a handful of posts are popping up more. I'm starting to develop an eye for these. Let me know if you need my rogue hunting services for a small fee :)
-
Yeah can almost promise you that is spam incoming ;) Big surprise - IPs from all over the place as well... 4 IPs, 4 different countries..
-
@johnpoz said in Blocking an printer from the internet.:
Yeah can almost promise you that is spam incoming ;) Big surprise - IPs from all over the place as well... 4 IPs, 4 different countries..
I love the football avatar though. Nice touch. They usually don't go that extra mile to post nonsense :)
-
My guess would be that was someone's account, and their password got compromised somewhere, to be honest.. The account was created back in July..
It's hard to tell from the list of IPs given - which was the first one used, etc. But one of them is from US, but the last 2 used are not ;)
Why do you create an account back in July, and then never bother to post until now.. And then when you do it's some gibberish on a thread from 2 years ago, etc. etc..
-
This post is deleted!
-
Spammers are going to create a black hole in the forum posting on each other's spam.
-
Ha, yup. Just drawing in more spam increasing the spam density.....