How to isolate ips from the same LAN



  • I am trying to block my desktop (192.168.1.2) from ssh'ing to my home server (192.168.1.5). They are both connected through a switch to the LAN interface.

    I have put a rule at the top of the LAN interface

    Block * 192.168.1.2 * 192.168.1.5 * *

    But nothing happens. I can still ssh to my server. When I have a look at the logs I can't find anything about these connections. It seems as if the connection goes through the switch without being filtered at all by pfSense.

    Am I missing something or is this a limitation of pfSense? If I need this kind of control do I need to put them on a different interface/subnet (e.g. OPT) or do I need a different type of switch?

    Thanks



  • You cannot block this kind of traffic.
    This is not a limitation of pfSense.

    Since the server and the client are connected directly via the switch, this traffic never reaches the pfSense.
    A solution would be, as you wrote yourself, to put the server on a different subnet/interface.
    Alternatively you get a VLAN capable switch and disallow communication between these ports.
    Or you create multiple VLANs on the switch and add them as OPTs on the pfSense.
    But this would be as if you added another NIC.
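
    An added illustration of the reasoning in this answer (example code, not from the thread or from pfSense): a host only hands a packet to its gateway when the destination is outside its own subnet, so a LAN block rule can only take effect on traffic that is actually routed through pfSense. VLAN numbers and the OPT subnet 192.168.2.0/24 are assumed values for the scenarios discussed above.

```python
import ipaddress


def host_path(src_ip, src_prefix, src_vlan, dst_ip, dst_vlan):
    """Decide how a packet from src reaches dst.

    'switched'    same subnet and same VLAN: the switch forwards it directly,
                  pfSense never sees it, so no LAN rule can block it
    'routed'      dst is outside src's subnet: src sends it to its gateway
                  (pfSense), where interface rules are evaluated
    'unreachable' same subnet but separate VLANs: src ARPs for dst on its own
                  VLAN and nobody answers (port isolation on the switch)
    """
    src_net = ipaddress.ip_interface(f"{src_ip}/{src_prefix}").network
    dst = ipaddress.ip_address(dst_ip)
    if dst not in src_net:
        return "routed"
    if src_vlan == dst_vlan:
        return "switched"
    return "unreachable"


def block_rule_effective(src_ip, src_prefix, src_vlan, dst_ip, dst_vlan):
    """A pfSense block rule only matters when the packet actually arrives on
    a pfSense interface, i.e. when the path is 'routed'."""
    return host_path(src_ip, src_prefix, src_vlan, dst_ip, dst_vlan) == "routed"


if __name__ == "__main__":
    # Constructed scenarios from the thread: desktop 192.168.1.2 on LAN.
    scenarios = {
        "server on same LAN": ("192.168.1.5", 1),
        "server on separate OPT subnet": ("192.168.2.5", 20),  # assumed OPT net
        "server on separate VLAN, same subnet": ("192.168.1.5", 20),
    }
    for name, (dst, vlan) in scenarios.items():
        path = host_path("192.168.1.2", 24, 1, dst, vlan)
        print(f"{name}: {path}, pfSense rule effective="
              f"{block_rule_effective('192.168.1.2', 24, 1, dst, vlan)}")
```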



  • Also, this has been asked, and answered, many times before.  Please search the forum before posting.

