Static IP

  • Dear Team,

    I wanted to block the internet access for the devices that are having static IP. Please tell me the best method.

    Please note that my DHCP server is a different system(CentOS) where I have hundreds of MAC-IP bindings.

  • LAYER 8 Global Moderator

    above the default allow put in a block with the source IPs you don't want to have internet.  If you have lots of them put them in a alias, etc.

  • Hi Johnpoz,

    I think you are talking about adding the IPs to be blocked in the Firewall of the pfsense ..right?

    Anything can be done with IPguard in the Pfsense? Reading the description of the package I found something similar for which I am looking for. But couldn't find much about the confgurations. Please let me know if this can be used.

  • LAYER 8 Global Moderator

    What..  IPguard??
    Ipguard listens network for ARP packets. All permitted MAC-IP pairs listed in config files.
    If it receives one with MAC-IP pair, which is not listed in 'ethers' file, it will send ARP reply with configured fake address.
    This will prevent not permitted host to work properly in local ethernet segment.

    You want to use that to prevent specific IPs from using the internet?

    Dude its a no brainer single rule..  See the block rule at the top that has source IP of – that box is not talking to the firewall its not using the internet.  Since that rule blocks all traffic to pfsense or past pfsense.  Devices that are not coming from that IP will skip that rule and move to the next rule going down from the top and that next default rule on the lan says hey you can go anywhere you want.

Log in to reply