Block Download on on a selected IP on LAN?
-
Good day!
I just want to ask on what is the firewall rule to add in order to block a given IP address on my LAN? The IP can still access the Internet but will not be able to download files from the Net.
Thank you!
-
If I'm understanding you correctly, you want them to be able to browse web sites, but not be able to download files?
If that's the case, the firewall isn't capable of doing that. A firewall works mainly on layer 3, and you'd need to do extension parsing to achieve what you're looking for. Dansguardian would, however, fit the bill. -
thank you timthetortoise!
With your suggestion, I came up ith this guide which is very helpful!
http://forum.pfsense.org/index.php?topic=42664.0
However, thus dansguardian has a ready made package for pfsense? As of the topic above, it is for manual instalaltion only.
-
Yes, install both the Squid and Dansguardian packages from your "Available Packages" list.
-
thank you timthetortoise!
I wonder why is Dansguardian not available in my package list? Im using PfSense 2.0.3-RELEASE (i386).
-
Are any packages showing up in the available list? If not, DNS most likely isn't configured correctly.
-
thank you timthetortoise!
Yes there are available packages shown in package list but some are not like dansguardian, pfBlocker, etc..
My DNS server is blank as shown below. Should I put One on it? What DNS Server is to be used?
Thank you!
-
you can try this one.
![27-09-2013 3-50-57 PM.png](/public/imported_attachments/1/27-09-2013 3-50-57 PM.png)
![27-09-2013 3-50-57 PM.png_thumb](/public/imported_attachments/1/27-09-2013 3-50-57 PM.png_thumb) -
thank you
I got this message "Unable to retrieve package info from chudy.0fees.net. Cached data will be used." I also got this message before putting dns. Ive also uncheck this settings "Allow DNS server list to be overridden by DHCP/PPP on WAN: to force use the dns provided but still the same..
Thank you!
-
It sounds like you may actually be getting your DNS info from DHCP if it was working - but using 8.8.8.8 and 8.8.4.4 for DNS is pretty much always a safe bet.
-
I got this message "Unable to retrieve package info from chudy.0fees.net. Cached data will be used."
Don't use that Lusca package.
https://forum.pfsense.org/index.php?topic=69295.msg405783#msg405783