Netgate Discussion Forum
    Unable to block traffic for Internal LAN devices with static assignments

      MazukFarnas

      I recently set up static assignments on devices throughout our house with the intention of being able to block internet access on demand for my children. I am currently testing on our living room TV, but regardless of which interface (WAN/LAN) I create the rule on and enable it, the device is still able to stream Netflix/YouTube and other applications without issue. This particular device is a living room TV which is connected directly via Cat6 cable to my wireless router, which is in bridged mode set to simply push wireless, and then to the SG-1100.

      I am posting an example of the rule created below which is not disallowing traffic to the device in question below: (I

        johnpoz LAYER 8 Global Moderator

        Don't see any rules.

        Keep in mind even when you create a block rule, you have to clear any states that might already be active or your block rule will not take effect.

        And you wouldn't create the rules on the WAN.. You create rules on the interface the traffic will first enter pfSense. The rules are evaluated top down, first rule to trigger wins, no other rules are evaluated.

        The default rule on LAN is allow any.. So putting a block rule below that would be pointless and it would never be evaluated.

          akuma1x

          Here is a rule I set up (but it's currently disabled, as you can see from the screenshot) to keep 1 single device from accessing anything off its own subnet, through the firewall. In my example, the host at 10.0.1.116 is blocked to any destination.

          Screen Shot 2019-10-30 at 2.17.13 PM.png

          Like @johnpoz says, you have to have this rule above the default allow any to any rule.

          Jeff
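
A simplified model of the behaviour the replies in this thread describe (per-interface rules, first match wins, existing states bypass new rules), added here as an illustration; it is not part of any post and is not pfSense code. The `Firewall` and `Rule` names and the 203.0.113.10 destination are constructed for the example; 10.0.1.116 is the host from the last post.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    src: str               # source network in CIDR form ("0.0.0.0/0" = any)
    enabled: bool = True   # disabled rules are skipped entirely

class Firewall:
    """Toy model: states are checked first, then the ingress interface's rules top down."""
    def __init__(self, rules_by_iface):
        self.rules = rules_by_iface   # e.g. {"LAN": [Rule, ...], "WAN": [...]}
        self.states = set()           # (src, dst) flows that were already passed

    def decide(self, in_iface, src, dst):
        if (src, dst) in self.states:           # established flow: rules are not consulted
            return "pass (existing state)"
        for rule in self.rules.get(in_iface, []):
            if rule.enabled and ip_address(src) in ip_network(rule.src):
                if rule.action == "pass":
                    self.states.add((src, dst))
                return rule.action              # first match wins, evaluation stops
        return "block"                          # nothing matched: default deny

    def clear_states(self, src):
        self.states = {s for s in self.states if s[0] != src}

HOST = "10.0.1.116"       # host address from the thread
SERVER = "203.0.113.10"   # constructed destination (documentation range)
ALLOW_ANY = Rule("pass", "0.0.0.0/0")
BLOCK_HOST = Rule("block", HOST + "/32")

def block_below_allow():
    # Block rule sits under the default allow: it is never reached.
    return Firewall({"LAN": [ALLOW_ANY, BLOCK_HOST]}).decide("LAN", HOST, SERVER)

def block_on_wan_only():
    # Traffic from the host enters on LAN, so a WAN rule is never consulted.
    return Firewall({"LAN": [ALLOW_ANY], "WAN": [BLOCK_HOST]}).decide("LAN", HOST, SERVER)

def block_added_during_stream():
    fw = Firewall({"LAN": [ALLOW_ANY]})
    fw.decide("LAN", HOST, SERVER)           # stream starts, a state is created
    fw.rules["LAN"].insert(0, BLOCK_HOST)    # block rule added above the allow rule
    before = fw.decide("LAN", HOST, SERVER)  # still flows through the old state
    fw.clear_states(HOST)
    return before, fw.decide("LAN", HOST, SERVER)

if __name__ == "__main__":
    print(block_below_allow(), block_on_wan_only(), block_added_during_stream())
```
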
