Restrict traffic between users on the same subnet/interface.



  • Hi
    I'm wondering if it's possible to restrict the traffic (block what kind of port/service) that, for example, 192.168.0.2 and 192.168.0.3 can have?



  • No, this is not possible with pfSense (or any firewall).
    For this you need switches that support VLANs or some other way of separating users on layer 2.



  • Yes, now that you say it, it's obvious; forgot like network 101.



  • For doing it only with the pfSense box, it is only possible if it is a wireless interface acting as an access point or if you only use one port on the box per client that connects to it.  The former can be done by disabling the "allow intra-BSS communication" option and the latter probably isn't practical to do on the pfSense box itself.
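
The point made in the replies above, as an added example that is not part of the original posts: a rule check that flags firewall rules whose source and destination sit on the same subnet and interface, so the traffic is switched at layer 2 and never reaches the firewall. The interface names, addresses and rules are constructed sample data, and the code assumes each host uses the same subnet mask as the firewall interface it is attached to.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread): interface names,
# the firewall's address on each interface, and the rules under review.
INTERFACES = {"LAN": "192.168.0.1/24", "OPT1": "192.168.10.1/24"}
RULES = [
    {"id": 1, "src": "192.168.0.2", "dst": "192.168.0.3", "port": 445},
    {"id": 2, "src": "192.168.0.2", "dst": "192.168.10.5", "port": 22},
    {"id": 3, "src": "192.168.0.3", "dst": "192.168.0.1", "port": 443},
]

def attached_interface(ip, interfaces):
    """Name of the interface whose subnet contains ip, or None if it is remote."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in interfaces.items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None

def enforcement_point(src, dst, interfaces):
    """'firewall' if the packet is routed through the firewall, 'layer2' if the
    hosts reach each other directly and only the switch or AP can filter it."""
    firewall_ips = {ipaddress.ip_interface(c).ip for c in interfaces.values()}
    if ipaddress.ip_address(dst) in firewall_ips:
        return "firewall"  # traffic addressed to the firewall itself
    src_if = attached_interface(src, interfaces)
    if src_if is not None and src_if == attached_interface(dst, interfaces):
        return "layer2"  # same subnet and interface: never sent to the gateway
    return "firewall"

def unenforceable_rules(rules, interfaces):
    """IDs of rules the firewall cannot apply because it never sees the traffic."""
    return [r["id"] for r in rules
            if enforcement_point(r["src"], r["dst"], interfaces) == "layer2"]

if __name__ == "__main__":
    for rule in RULES:
        print(rule["id"], enforcement_point(rule["src"], rule["dst"], INTERFACES))
```

Rules reported as `layer2` have to be enforced where the thread says: VLANs or other layer 2 separation on the switch, or the intra-BSS setting on a wireless interface.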

