Allow Internet access only for DHCP/static (pfSense) assigned IP addresses



  • I am wondering if there is a way to only allow Internet access to devices that have assigned IP addresses? I don't want to use whitelists, but I do want to only allow devices that have IP addresses assigned by pfSense either from static mappings or the DHCP server to access the Internet.



  • Hi,

    need more details about you setup ( one LAN interface or more ) but did you check at Services: DHCP server

    options:

    Deny unknown clients

    Enable Static ARP entries

    and also

    set pass rule in your interface to pass traffic only from that interface network ?



  • Create an alias to populate your static (allowed) IPs with. Set your static DHCP mappings to your allowed devices and amend the Default-to-any rule to allow traffic from just the alias you created earlier.


Log in to reply