1. Home
  2. pfSense® Software
  3. Firewalling
  4. Allow/Block Internet Access to selected IPs

Allow/Block Internet Access to selected IPs

  • N

    We have 5 computer laboratory with 30-40 PC each

    I created an Allias with IPs of PCs on each lab

    Allias1 has the IPs of computers on Lab1

    Allias2 has the IPs of computers on Lab2

    Allias3 has the IPs of computers on Lab3

    Allias4 has the IPs of computers on Lab4

    Allias5 has the IPs of computers on Lab5

    Now I want to block or allow Internet access on selected Labs… How can I do that?

    for example:

    I just want Lab1 to have access to the internet for now... other Labs shouldnt have access to Internet...

    and I can change anytime which Lab should have internet access..

    HOW? Thanks

    0
  • P

    Go to Firewall, Rules in the web admin interface and select the internal interface to which the labs are connected. Maybe it's the LAN interface?

    Then add allow rules (Action: Pass) where each of the aliases are used as source address. On the the labs that currently shouldn't have internet access you you tick the Disable this rule box.

    At the bottom of the same page you add a reject rule for all traffic on the network.

    Later when you want to change which labs that should have or not have internet access you only need to edit the rule in question and toggle the Disable this rule box.

    0
  • N

    @P3R:

    At the bottom of the same page you add a reject rule for all traffic on the network.

    i dont get this one

    you mean I'll create another rule to block all traffic?

    thanks

    0
  • P

    @noriel:

    i dont get this one

    you mean I'll create another rule to block all traffic?

    Exactly, and it should be placed below all of the allow rules (disabled or not).

    0
  • KOM

    From what I recall, isn't there a hidden Default Deny rule that sits at the bottom of the interface's ruleset?

    0
  • P

    @KOM:

    From what I recall, isn't there a hidden Default Deny rule that sits at the bottom of the interface's ruleset?

    I think so to but there are advantages of adding a reject rule anyway (at least on internal interfaces):
    1. A reject rule makes workstations aware of that the traffic was blocked instead of the session only timing out.
    2. It is more intuitive.
    3. When you for troubleshooting reasons want to log the traffic that is blocked, you already have the rule present and only need to toggle the log option.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy