Netgate Discussion Forum

How to prevent device from communicating over a local network and Internet

  • E
    Elrick75
    last edited by Elrick75 May 1, 2020, 5:20 PM May 1, 2020, 5:10 PM

    Good morning, sir,

    I have identified a device (an LG sound bar, SL10Y) that initiates an IPv4 and IPv6 connection (DHCP request).
    The network configuration is built into the LG firmware, so it is not possible to change or disable these settings.
    If I unplug the network cable, the wifi will automatically activate and he will want a valid hotspot to leave me alone.
    I find this device extremely unhealthy.

    Not knowing the nature of the traffic that this device can generate and not being a fan of the microphones that it integrates.
    I would like to forbid it any traffic on the local network with its IPv4 and IPv6 address.
    Basically prevent her from communicating with anything else than herself ;)

    The existing rules on my local network are the following.
    310ca20b-d5a4-4660-a5ff-a1c7f6195064-image.png
    Can you please tell me what kind of rule I need to create and the parameters to use?
    I also need to know where I should place this rule please?

    In advance, thank you for your help.

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by johnpoz May 1, 2020, 6:26 PM May 1, 2020, 6:26 PM

      @Elrick75 said in How to prevent device from communicating over a local network and Internet:

      with anything else than herself ;)

      Then you need to put it on its own VLAN with no other devices on that network. pfSense has zero to do with things talking to each other on the same network.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • B
        bmeeks
        last edited by bmeeks May 1, 2020, 8:54 PM May 1, 2020, 8:51 PM

        @Elrick75
        To expound a little more on what user @johnpoz posted -- devices on the same IP subnet (same LAN if you want to look at it that way) can and do communicate directly with each other through the network switch (or hub) they are connected to. The firewall is never in that pathway, thus the firewall can't do anything about them talking to each other.

        The only time devices on a LAN will communicate with the firewall is if they need some specific service from the firewall (such as a DNS lookup from the local unbound resolver) or they need to communicate with a device that is not on the same IP subnet as them. In other words, when they need to talk to something on the Internet they will go through the firewall, but when they only want to talk to each other they will do that directly bypassing the firewall.

        @johnpoz's solution for you is to create another IP subnet (a VLAN) and put this troublesome device on that network all by itself. Doing this requires you have a network switch that understands VLANs, or if you have a spare port on your firewall you can directly connect this troublesome device there and configure that port as a different IP subnet.

        There is no way to prevent devices on the same LAN from talking with each other using firewall rules because the firewall will never see that traffic. It will flow from one device directly into the network switch port, then through the network switch fabric, and directly out the port the other device is connected to.

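The on-link versus routed distinction described in the replies above, as an added example that is not part of the original thread: it classifies where a packet is delivered, and shows that a LAN peer only becomes filterable once the device sits in its own subnet. All addresses are constructed (private and documentation ranges), and `classify` is a hypothetical helper that assumes no multicast routing on the firewall.

```python
import ipaddress

def classify(src, dst, subnet, gateway):
    """Where a packet from src to dst is delivered, given the sender's subnet.

    "on-link"     : switched directly on the segment; firewall rules never apply
    "to-firewall" : addressed to the firewall itself (e.g. its DNS resolver)
    "routed"      : forwarded by the firewall, so its rules can block it
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    net, gw = ipaddress.ip_network(subnet), ipaddress.ip_address(gateway)
    if not (s.version == d.version == net.version == gw.version):
        raise ValueError("mixed IPv4/IPv6 arguments")
    # A DHCP client sends from 0.0.0.0; IPv6 hosts also use fe80:: sources.
    if not (s in net or s.is_link_local or s.is_unspecified):
        raise ValueError(f"{src} does not belong to {subnet}")
    if d == gw:
        return "to-firewall"
    # Multicast and link-local destinations stay on the segment
    # (assumption: the firewall does no multicast routing).
    if d.is_multicast or d.is_link_local:
        return "on-link"
    limited_broadcast = ipaddress.ip_address("255.255.255.255")
    if d.version == 4 and d in (net.broadcast_address, limited_broadcast):
        return "on-link"
    # Same subnet: the sender resolves the peer's MAC and bypasses the gateway.
    return "on-link" if d in net else "routed"

# Constructed sample addresses, not taken from the thread.
NAS, INTERNET = "192.168.1.20", "203.0.113.10"
SHARED_LAN = dict(src="192.168.1.50", subnet="192.168.1.0/24",
                  gateway="192.168.1.1")
OWN_VLAN = dict(src="192.168.50.10", subnet="192.168.50.0/24",
                gateway="192.168.50.1")

if __name__ == "__main__":
    for name, seg in (("shared LAN", SHARED_LAN), ("own VLAN", OWN_VLAN)):
        for dst in (NAS, INTERNET, seg["gateway"], "255.255.255.255"):
            verdict = classify(dst=dst, **seg)
            print(f"{name:10} {seg['src']:>13} -> {dst:15} {verdict}")
```

Only the "routed" and "to-firewall" rows can be matched by rules on the firewall interface; on the shared LAN the NAS row is "on-link", and on the dedicated VLAN it becomes "routed".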
        • E
          Elrick75
          last edited by May 2, 2020, 7:29 AM

          Thank you for your answer.
          I will create a new VLAN on my switch dedicated to a specific port for this shitty device.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.