Netgate Discussion Forum

Make firewall rules based on user.

    alvescaio
    last edited by Apr 17, 2025, 6:50 PM

    Is it possible to make rules based on user? For example: a rule to block access for user alves.caio to destination 10.10.10.10

      Gertjan @alvescaio
      last edited by Apr 18, 2025, 6:08 AM

      @alvescaio said in Make firewall rules based on user.:

      user alves.caio

      Sure.
      A firewall isn't "text" or "host name" aware.
      A firewall needs ports, protocols, and IP addresses.
      MAC addresses if you have to.

      So, your user has an IPv4. Use the IPv4 in a rule.

      You want to be sure that that user, from now on, always gets the same IP, and you can make that happen: create a "static MAC DHCP lease" for it.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

        alvescaio @Gertjan
        last edited by Apr 22, 2025, 8:48 PM

        @Gertjan
        Thanks, friend.

        I thought that pfSense, like Fortigate and Palo Alto, was capable of creating rules based on users, so how can I do this MAC and DHCP connection?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.