Netgate Discussion Forum

    Block 1 LAN host from accessing other LAN machines

    • duvel

      Hello All,

      I am trying to block 1 machine on LAN from accessing files/shares on all other machines on LAN.

      I have a block rule set up: Block, LAN, IPv4, TCP/UDP

      Source: Single host or alias - 192.168.1.101
      Ports: Any
      Destination: Network 192.168.1.1/24
      Ports: Any

      I have tried switching the protocol to just TCP, changing the destination to LAN net, and adding destination ports 137, 138, 139, 445.

      None of this has worked. 192.168.1.101 can still access files/shares on other machines on LAN.

      BTW, if my LAN is 192.168.1.1/24, what's the difference between using lan.net or network?

      As always, any help is greatly appreciated!

      • johnpoz LAYER 8 Global Moderator @duvel

        pfSense has nothing to do with devices on the same network (LAN) talking to each other. pfSense is the gateway to get off a network, i.e. other VLANs or the internet. When devices talk to something on the same network they send traffic direct to that device; it doesn't go through pfSense.

        Move the single device to another VLAN. Or, if your switch supports it, do something like private VLANs, which allow for filtering who can talk to who on the same L2 network.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
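
Added example (not part of the thread and not pfSense code): a sketch of the forwarding decision described in the answer above, showing which flows from 192.168.1.101 are ever delivered to the gateway, where firewall rules run. The gateway address 192.168.1.1, the /24 mask on the host, the sample destinations and all function names are assumptions, and a plain switched LAN (no bridging through the firewall) is assumed.

```python
import ipaddress

HOST = "192.168.1.101/24"   # LAN host from the thread, with an assumed /24 mask
GATEWAY = "192.168.1.1"     # assumed pfSense LAN interface address

# Constructed destinations: LAN peer, the firewall itself, another VLAN, the internet
DESTINATIONS = ["192.168.1.50", "192.168.1.1", "192.168.2.10", "203.0.113.7"]


def lan_net(interface_cidr):
    """Network an interface address sits in, with host bits cleared."""
    return ipaddress.ip_interface(interface_cidr).network


def next_hop(host_cidr, dst, gateway):
    """IP address the host resolves at layer 2 to deliver the frame."""
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in lan_net(host_cidr):
        return dst_ip                       # on-link: frame goes straight to the peer
    return ipaddress.ip_address(gateway)    # off-link: frame is handed to the gateway


def firewall_can_filter(host_cidr, dst, gateway):
    """True only when the packet is delivered to the firewall's interface."""
    return next_hop(host_cidr, dst, gateway) == ipaddress.ip_address(gateway)


def audit(host_cidr=HOST, gateway=GATEWAY, destinations=DESTINATIONS):
    """Map each destination to whether a rule on the gateway ever sees the flow."""
    return {d: firewall_can_filter(host_cidr, d, gateway) for d in destinations}


if __name__ == "__main__":
    # An interface address such as 192.168.1.1/24 belongs to network 192.168.1.0/24
    print("LAN net:", lan_net("192.168.1.1/24"))
    for dst, seen in audit().items():
        print(f"{HOST.split('/')[0]} -> {dst:<13} reaches firewall rules: {seen}")
```

Only the flow to the LAN peer never reaches the firewall, which is why the block rule has no effect on file shares inside the same subnet.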

        • duvel @johnpoz

          @johnpoz

          Thanks, understood.

          But what is the difference between LAN net, and network?

          And what is This firewall (self)?

          • johnpoz LAYER 8 Global Moderator @duvel

            Firewall self is all IPs on the firewall: lan, opt x, opt Y, etc.

            lan net is just that, whatever the lan net is, 192.168.1.0/24 or 192.168.2.0/24, what did you make the lan net. Network is just any network you put in.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.