Block single host



  • Hi

    Is it possible to block a single client in a network with pfSense? I have tried assigning a static DHCP IP to the specific machine, and I wrote a rule on the LAN interface (Action: block, Protocol: any, Source: single host or alias, the rest are default) and reloaded the filter, but the client can access the connection.

    Does anybody have an alternative choice to do so?
    Please help.



  • What you tried to do seems correct. You could post screenshots to be sure.

    Did you reset the states table? All existing connections will continue to work unless you reset states.


  • Rebel Alliance Global Moderator

    What connection are you talking about? Yes you can block an IP from accessing anything outside of its network segment that pfsense routes - be it internet or another network segment that connects via pfsense.

    I currently prevent a single IP on my lan from accessing anything other than the websense proxies on 8081, 8082 as a test box to duplicate a customer's setup where their firewall blocks all internet access other than to cloud based websense proxies.

    Works great!! I can even turn on logging to get a listing of stuff the client is trying to connect to that for whatever reason is not using the proxy, etc. Great troubleshooting aid.

    As mentioned you have to clear the current states after you put in a rule like that, if there is a state already open it could be using that.



  • I did it by assigning a static IP address to the specified MAC address of the system. 10.0.0.1/8 is my LAN network and the DHCP range is 10.0.0.10 to 10.0.0.254; the remaining static IP range is 10.10.10.0/24, and then I made a rule for this network to reject the whole connection, because my WiFi password is familiar to everyone. I want to block unwanted systems or mobiles from outsiders. I think it works for me.

    This is my setup:

    Internet connection 10mps broadband : pfSense PPPoE setup on WAN : one LAN setup : to switch

    Here I am using pfSense as router, firewall and proxy. I don't know if this causes any problem for me. Advice and guidance on handling this great pfSense would be much appreciated.



  • Is your block rule above the default LAN rule?
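
The two points raised in the replies above (an open state keeps working after a block rule is added, and the block rule must sit above the default LAN allow rule) can be seen together in a simplified model. This is an added example, not any poster's code and not pfSense code; the `Firewall` class, the destination address and the single allow rule are assumptions made for illustration.

```python
# Simplified model of stateful, first-match filtering.
# Constructed for illustration; addresses are sample values.
from ipaddress import ip_address, ip_network

class Firewall:
    def __init__(self):
        self.rules = []      # ordered top to bottom: (action, source network)
        self.states = set()  # established flows: (src, dst)

    def add_rule(self, action, src):
        self.rules.append((action, ip_network(src)))

    def packet(self, src, dst):
        # A packet that matches an existing state never reaches the ruleset.
        if (src, dst) in self.states:
            return "pass (existing state)"
        # Otherwise the first matching rule, top to bottom, decides.
        for action, net in self.rules:
            if ip_address(src) in net:
                if action == "pass":
                    self.states.add((src, dst))
                return f"{action} (rule)"
        return "block (default deny)"

    def reset_states(self):
        self.states.clear()

def demo():
    fw = Firewall()
    fw.add_rule("pass", "10.0.0.0/8")        # stands in for the default LAN allow rule
    host, dst = "10.10.10.5", "203.0.113.7"
    out = [fw.packet(host, dst)]             # flow opens, a state is created
    fw.add_rule("block", "10.10.10.5/32")    # block rule added below the allow rule
    out.append(fw.packet(host, dst))         # still passes through the old state
    fw.reset_states()
    out.append(fw.packet(host, dst))         # allow rule matches first, new state
    fw.rules.insert(0, fw.rules.pop())       # move the block rule to the top
    out.append(fw.packet(host, dst))         # state from the previous step survives
    fw.reset_states()
    out.append(fw.packet(host, dst))         # now the block rule decides
    return out

if __name__ == "__main__":
    for step, verdict in enumerate(demo(), 1):
        print(step, verdict)
```

Only the last step blocks the host: the rule has to be above the allow rule and the states have to be reset.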



  • If you want to separate your wifi and lan traffic, you need to use VLANs or add another NIC to the pfsense firewall. Any devices plugged into that switch can talk to each other. They never go through the firewall.



  • @heavy1metal:

    If you want to separate your wifi and lan traffic, you need to use VLANs or add another NIC to the pfsense firewall. Any devices plugged into that switch can talk to each other. They never go through the firewall.

    By your word, a VLAN is essential for me to separate my LAN and WiFi networks. Is it possible to add VLANs on a currently configured and working pf system?

    Thanks for your great words.



  • @josekym:

    Is your block rule above the default LAN rule?

    I edited it, but only allow the needed ports on the LAN. Why do you ask? Is there any problem here? Please explain.



  • Yeah, pfsense supports VLANs; I have about 6 set up now.
    http://networktechnical.blogspot.com/2007/04/pfsense-how-to-setup-vlans.html

    You would need a switch that supports VLAN tagging however.

    Otherwise you add another NIC to your firewall, which is probably cheaper/easier to do.

