how to block lan ip to another lan ip on same interface and same subnet

genesislubrigas · Oct 25, 2019, 5:14 AM

For example I have lan net 172.29.2.0/24 and I want to block traffic between 172.29.2.10 and 172.29.2.20, it is possible? What rules should I create ?

I have already tried create block and reject rules but it did not block the traffic from going to each other.

akuma1x · Oct 25, 2019, 5:27 AM

You can’t block hosts on the same subnet from talking to each other on your firewall. You have to either put them on different subnets, or see if your switch is capable of isolating the 2 ports from each other.

Do you have a smart, or managed, LAN switch? If not, this would be a good reason to get one.

Jeff

genesislubrigas · Oct 25, 2019, 5:41 AM

Can you give example on how to put them on different subnet ?

akuma1x · Oct 25, 2019, 2:09 PM

Sure.

If you have separate interfaces on your pfsense box, that’s one way. This guy makes several videos about pfsense and how to config and use it. He's got a session on multiple networks using separate interfaces on the same box.

https://www.youtube.com/watch?v=9kSZ1oM-4ZM

If you have a managed switch, and have some knowledge on it, or are good at google’ing instructions and guides, you can setup VLANs on your pfsense box and switch.

If you have a capable managed switch, you can setup port isolation on said switch. Manufacturers tend to call this setup different things, so you might have to dig for some instructions again.

Hope that helps!

Jeff