Unable to block traffic for Internal LAN devices with static assignments



  • I recently set up static assignments on devices throughout our house with the intention of being able to block internet access on demand for my children. I am currently testing on our living room TV, but regardless of the interface I choose to create the rule on (WAN/LAN) and enable it, the device is still able to stream Netflix/YouTube and other applications without issue. This particular device is a living room TV which is connected directly via Cat6 cable to my wireless router, which is in bridged mode set to simply push wireless, and then to the SG-1100.

    I am posting an example of the rule created below which is not disallowing traffic to the device in question below: (I


  • LAYER 8 Global Moderator

    Don't see any rules.

    Keep in mind even when you create a block rule, you have to clear any states that might already be active or your block rule will not take effect.

    And you wouldn't create the rules on the WAN. You create rules on the interface the traffic will first enter pfSense. The rules are evaluated top down; the first rule to trigger wins, and no other rules are evaluated.

    The default rule on LAN is allow any. So putting a block rule below that would be pointless; it would never be evaluated.



  • Here is a rule I set up (but it's currently disabled, as you can see from the screenshot) to keep 1 single device from accessing anything off its own subnet, through the firewall. In my example, the host at 10.0.1.116 is blocked to any destination.

    Screen Shot 2019-10-30 at 2.17.13 PM.png

    Like @johnpoz says, you have to have this rule above the default allow any to any rule.

    Jeff
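A small model of the two points made in this thread (rule order and the state table), written as an added example for this page; it is not code from the original posts or from pfSense itself. It simplifies the state table to (source, destination) pairs instead of pfSense's real per-connection states, and apart from Jeff's 10.0.1.116 all addresses and rule descriptions are constructed:

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    """One line of an interface ruleset: action plus source/destination match."""
    action: str        # "pass" or "block"
    src: str           # CIDR such as "10.0.1.116/32", or "any"
    dst: str           # CIDR or "any"
    description: str = ""

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return _in_net(self.src, src_ip) and _in_net(self.dst, dst_ip)


def _in_net(net: str, ip: str) -> bool:
    return net == "any" or ip_address(ip) in ip_network(net, strict=False)


def evaluate(rules, src_ip, dst_ip):
    """First-match evaluation: walk the list top down and stop at the first
    matching rule; anything below it is never looked at."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule.description
    return "block", "implicit default deny"


class Firewall:
    """Stateful model: a flow already in the state table is passed without
    consulting the rules at all, which is why a freshly added block rule seems
    to do nothing until the old states are cleared."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()            # simplified: (src, dst) pairs, not full 5-tuples

    def handle(self, src_ip, dst_ip):
        key = (src_ip, dst_ip)
        if key in self.states:
            return "pass", "existing state (rules not consulted)"
        action, why = evaluate(self.rules, src_ip, dst_ip)
        if action == "pass":
            self.states.add(key)       # a pass creates a state for the flow
        return action, why

    def reset_states(self, src_ip=None):
        """Equivalent of clearing the state table (optionally only one host)."""
        if src_ip is None:
            self.states.clear()
        else:
            self.states = {s for s in self.states if s[0] != src_ip}


# Constructed sample ruleset mirroring the thread: the LAN default "allow any"
# rule and a block rule for the TV at 10.0.1.116 (the address Jeff used).
LAN_ALLOW = Rule("pass", "10.0.1.0/24", "any", "Default allow LAN to any")
BLOCK_TV = Rule("block", "10.0.1.116/32", "any", "Block living room TV")
TV, SERVER = "10.0.1.116", "198.51.100.10"   # constructed addresses


def ordering_demo():
    """Same two rules, two orders: only the block-on-top order actually blocks."""
    below = evaluate([LAN_ALLOW, BLOCK_TV], TV, SERVER)[0]
    above = evaluate([BLOCK_TV, LAN_ALLOW], TV, SERVER)[0]
    return below, above            # ("pass", "block")


def state_demo():
    """Add the block rule while a stream is already running: the existing state
    keeps passing traffic until the states are reset."""
    fw = Firewall([LAN_ALLOW])
    before = fw.handle(TV, SERVER)[0]               # "pass", state created
    fw.rules.insert(0, BLOCK_TV)                    # block rule added at the top
    still_open = fw.handle(TV, SERVER)[0]           # still "pass": the state wins
    fw.reset_states(TV)
    after_reset = fw.handle(TV, SERVER)[0]          # now "block"
    other_host = fw.handle("10.0.1.50", SERVER)[0]  # unaffected device: "pass"
    return before, still_open, after_reset, other_host


if __name__ == "__main__":
    print("ordering:", ordering_demo())
    print("states:", state_demo())
```

Running it prints `('pass', 'block')` for the ordering check and `('pass', 'pass', 'block', 'pass')` for the state check: with the block line under the allow-any line it is dead code, and even with it on top an already-established flow keeps passing until its state is cleared, which is the reset johnpoz refers to.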

