Block 1 LAN host from accessing other LAN machines
-
Hello All,
I am trying to block 1 machine on LAN from accessing files/shares on all other machines on LAN.
I have a block rule set up: Block, LAN, IPv4, TCP/UDP
Source: Single host or alias - 192.168.1.101
Ports: Any
Destination: Network 192.168.1.1/24
Ports: Any
I have tried switching the protocol to just TCP, changing the destination to LAN net, and adding destination ports 137, 138, 139, 445.
None of this has worked. 192.168.1.101 can still access files/shares on other machines on LAN.
BTW, if my LAN is 192.168.1.1/24, what's the difference between using LAN net or Network?
As always, any help is greatly appreciated!
-
pfSense has nothing to do with devices on the same network (LAN) talking to each other. pfSense is the gateway to get off a network, i.e. to other VLANs or the internet. When devices talk to something on the same network they send traffic directly to that device; it doesn't go through pfSense.
Move the single device to another VLAN. Or, if your switch supports it, do something like private VLANs, which allow for filtering who can talk to who on the same L2 network.
-
Thanks, understood.
But what is the difference between LAN net, and network?
And what is This firewall (self)?
-
Firewall self is all IPs on the firewall: LAN, OPT x, OPT y, etc.
LAN net is just that, whatever the LAN net is, 192.168.1.0/24 or 192.168.2.0/24, whatever you made the LAN net. Network is just any network you put in.
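
An added example, not part of the original thread: a small Python model of the two answers above, showing which destinations a LAN-interface rule can ever filter and that a Network entry of 192.168.1.1/24 covers the same range as LAN net. The function names are hypothetical, and it assumes the firewall's LAN address is 192.168.1.1/24 and a plain switched LAN (no bridging, private VLANs or proxy ARP).

```python
import ipaddress

# Constructed values based on the addressing quoted in the thread.
LAN_IF = ipaddress.ip_interface("192.168.1.1/24")  # assumed firewall LAN address
LAN_NET = LAN_IF.network                            # what "LAN net" expands to
FIREWALL_IPS = {LAN_IF.ip}                          # "This firewall (self)", LAN only here


def as_network(spec):
    """Normalise a 'Network' entry; host bits are masked off (192.168.1.1/24 -> .0/24)."""
    return ipaddress.ip_network(spec, strict=False)


def gateway_sees(src, dst, prefixlen=24):
    """True if a packet src -> dst is handed to the firewall's LAN interface."""
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in FIREWALL_IPS:
        return True  # addressed to the firewall itself
    src_net = ipaddress.ip_interface(f"{src}/{prefixlen}").network
    return dst_ip not in src_net  # on-link peers are reached directly via ARP


def rule_coverage(src, dst_spec, prefixlen=24):
    """Classify what a LAN-interface rule with this destination can ever filter."""
    dst_net = as_network(dst_spec)
    src_net = ipaddress.ip_interface(f"{src}/{prefixlen}").network
    if not dst_net.subnet_of(src_net):
        return "routed"      # some destinations are off-link, so they cross the firewall
    if any(ip in dst_net for ip in FIREWALL_IPS):
        return "self-only"   # only traffic to the firewall's own address arrives
    return "none"            # every destination is an on-link peer; rule never fires


if __name__ == "__main__":
    src = "192.168.1.101"
    print("Network 192.168.1.1/24 == LAN net:", as_network("192.168.1.1/24") == LAN_NET)
    for dst in ("192.168.1.50", "192.168.1.1", "192.168.2.50"):
        print(f"{src} -> {dst}: firewall sees it = {gateway_sees(src, dst)}")
    for spec in ("192.168.1.1/24", "192.168.1.128/25", "192.168.2.0/24"):
        print(f"rule destination {spec}: coverage = {rule_coverage(src, spec)}")
```

A result of "self-only" or "none" for a block rule means the restriction has to be enforced elsewhere, for example by a separate VLAN or switch-level isolation as suggested in the reply.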