Block a Host in the Local Network from Another Host

  • Hello Pfsense Forum,

    I have found nothing about my question in Search!

    My problem is: I want to block Host A in our local area network from Host B!
    (WITHOUT putting one in another subnet!!!)

    Can I realize it with pfSense????

    I think a single host can access the LAN without gateway and DNS, and therefore without going through pfSense :(
    but perhaps there is a special trick or something like that?

    THANKS for helping

  • LAYER 8 Global Moderator

    No, you cannot block 2 hosts on the same segment from talking to each other with pfSense.. pfSense as the gateway for your segment is never used for hosts talking to each other, other than if you're using DNS on pfSense to resolve host to an IP.  But this does actually prevent host A from talking to host B.

    Now if your hosts were connected to 2 different interfaces on pfSense and pfSense bridged the interfaces, then sure, you could create some firewall rules to block talking.  But if 2 hosts are connected to some switch/hub which is connected to pfSense, then no, not possible.

    If you want to prevent hosts from talking you need to put them on 2 different segments/VLANs, and then, since traffic is routed, you can block hosts from talking to each other.  Because pfSense would be doing the routing.

    Or you could get a smart switch that allows for ACLs, port protection, etc. and prevent the hosts from talking to each other that way, even if on the same segment.

    Normally if you have hosts that you do not want talking to each other you isolate them by putting them on different segments/VLANs; this is standard practice.

    Other than the above methods, you could run a software firewall on one or the other or both and block them from talking to each other with the software firewalls on the hosts.

    Another somewhat off-the-wall method would be to create static ARP entries on the machines for the IPs of the machines with the wrong MACs.
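The moderator's point is that a gateway firewall only sees packets a host actually sends to the gateway, which never happens between two hosts in the same subnet. The following added example (my code, not pfSense's or the forum's) makes that decision explicit: it checks whether a pair of addresses would be routed through pfSense and, if not, generates the host-based firewall rules the answer suggests as a fallback. All addresses, prefix lengths and rule names are constructed sample values; the rule syntax is standard nftables and `netsh advfirewall`.

```python
"""Added example for this thread (not pfSense code): decide whether the
gateway can see traffic between two hosts at all, and when it cannot,
produce host-based firewall rules that block the pair from each other.

Addresses, prefix lengths and rule names are constructed sample values.
The rule syntax is nftables (Linux) and netsh advfirewall (Windows)."""
import ipaddress


def traffic_is_routed(host_a: str, host_b: str, prefix_len: int) -> bool:
    """True when A and B are in different subnets for this prefix length.

    Only then does A hand the packet to its default gateway (pfSense),
    where a firewall rule could match it. Same subnet means A resolves B's
    MAC with ARP and the switch delivers the frame directly.
    """
    net_a = ipaddress.ip_network(f"{host_a}/{prefix_len}", strict=False)
    return ipaddress.ip_address(host_b) not in net_a


def nftables_block(remote_host: str, table: str = "inet host_isolation") -> str:
    """nftables ruleset for a Linux host: drop everything to/from remote_host.

    Load with `nft -f <file>`; the chain policy stays accept so nothing
    else on the host changes.
    """
    lines = [
        f"table {table} {{",
        "  chain input {",
        "    type filter hook input priority 0; policy accept;",
        f"    ip saddr {remote_host} drop",
        "  }",
        "  chain output {",
        "    type filter hook output priority 0; policy accept;",
        f"    ip daddr {remote_host} drop",
        "  }",
        "}",
    ]
    return "\n".join(lines)


def windows_firewall_block(remote_host: str) -> list[str]:
    """Equivalent Windows Firewall rules (run from an elevated prompt)."""
    name = f"Isolate {remote_host}"
    return [
        f'netsh advfirewall firewall add rule name="{name} in" dir=in '
        f"action=block remoteip={remote_host}",
        f'netsh advfirewall firewall add rule name="{name} out" dir=out '
        f"action=block remoteip={remote_host}",
    ]


def isolation_plan(host_a: str, host_b: str, prefix_len: int) -> dict:
    """Summarise where the block has to be enforced for this address pair."""
    routed = traffic_is_routed(host_a, host_b, prefix_len)
    if routed:
        # pfSense forwards every packet between the subnets, so a normal
        # LAN rule (block source A, destination B) is enough.
        return {"routed": True, "enforce_on": "pfSense firewall rules"}
    # Same segment: pfSense never sees the traffic, so the block must live
    # on the hosts themselves or on the switch (ACL / port protection).
    return {
        "routed": False,
        "enforce_on": "host firewall or switch ACL",
        "host_a_nft": nftables_block(host_b),
        "host_b_nft": nftables_block(host_a),
        "host_a_windows": windows_firewall_block(host_b),
    }


if __name__ == "__main__":
    # Constructed sample: both hosts on 192.168.1.0/24, so pfSense is bypassed.
    plan = isolation_plan("192.168.1.10", "192.168.1.20", 24)
    print(plan["enforce_on"])
    print(plan["host_a_nft"])
    # Move B to 192.168.2.0/24 and the traffic is routed through pfSense.
    print(isolation_plan("192.168.1.10", "192.168.2.20", 24)["enforce_on"])
```

The `ip saddr`/`ip daddr` matches in the `inet` table cover IPv4 only; add `ip6` equivalents if the hosts also have IPv6 addresses on the segment. Host-based rules only hold as long as the administrator of each host keeps them in place, which is why the separate-VLAN or switch-ACL approach the moderator recommends first is the more robust control.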
