Will pfsense block any unauthorised traffic



  • For ref, I've attached the topology.

    I'm using pfSense as a transparent firewall with both interfaces (LAN and WAN) bridged. Also, I've IP-MAC bound the 10.10.1.10 client and given him all access rights, but another client, 10.10.1.13, which has been statically configured with gateway 10.10.1.253, is able to bypass the pfSense rule (in DHCP, "do not allow any unknown client to use this interface") and access the network.

    Guys, please help correct me where I am wrong.

    Thanks in advance.



  • What IP address have you given the WAN interface, and do you have any default block rules ticked for the WAN interface?

    There are no default block rules for LAN clients, so you will need to add them yourself, but be careful you don't block yourself from accessing pfSense.



  • Thanks for replying.

    As reflected in the topology, I've used 10.10.1.252. The only problem is that clients that have been statically IP-MAC bound are working well, but clients who are using a static IP with a gateway of 10.10.1.253 are not getting blocked and are completely bypassing the rule in the DHCP table (deny any unknown hosts to use this interface).

    Thanks again.



  • Well this is a configuration I have not done before myself so I'm going to bow out of this thread.



  • Please post your firewall rules along with the expected and actual behaviors; you're not providing enough information as-is.

    Edit: actually I think you're completely misunderstanding what the unknown clients option is. That simply means that anyone not in the static leases table will not be able to grab a DHCP address - it has absolutely nothing to do with limiting access to/through the interface. You're looking for firewall capabilities in the DHCP server, which is not even close to how it works.



  • Finally I've corrected the error with the default (tick) in advanced rules; all traffic was bypassing the firewall. Finally it's been done, thanks to ya all for the support :)

