How to block manual ips getting internet connection



  • Hello. I have a private network firewalled by pfsense with wriless accespoints. I wanna block all of manual ips from getting through the pfsense. Kids somehow find the wriless password and connects to via but I have prevented them to connect internet using pfsense with disabling dhcp and giving to known mac adresses manual ip. But the problem is when I set up manual ip on a client which is not registered on pfsense gets to connect internet and is not blocked to get through. This is a big problem for me to solve in the near future. Because the kids do not know this issue yet but eventually they will figure that out and when they did (I hope that does not happen) pfsense won't serve to my purpose.

    Can you help me with this? Thanks.



  • Create an alias with all configured IPs. Only allow traffic for those IPs and block the rest.



  • That would help but I have more than 30 computers, so any other ideas except this one ?



  • Depending on the address scheme you used there might be options. Which addresses do you currently use?



  • I have found a solution to it but I would be really greatfoull to hear your opinion if you had another idea. Do you mean by "scheme" the ip scheme? Like 192.36.36.32 or 192.165.165.1 ?



  • Something like that. If your IPs are in a range like 192.168.0.10 - 192.168.0.45 with a /24 mask then there are options with clever aliases.
    Since you only remark "I found a solution" without telling what you did this gets unproductive.



  • Sorry I was dealing with the new occured issues and could not reply this post. I did what you told me to do@jahonix:

    Create an alias with all configured IPs. Only allow traffic for those IPs and block the rest.

    . I did not wan to do that first because it was required alot of times but I did not see any other trusted way other than this so I did what you suggest me to do. Thanks. Now I am having another problem with squid. Once upon a time I have downloaded 2.7 version of squid and and squid guardian to use content filter but it blocked all my connections so I had to reset my firewall to default. So now I am trying to instal squids new version with squidguard but package manager does not delete old packages and replace it with last version. So why Squid and Squidguard don't work fine. How can I delete the old packages from pfsense using shell?



  • I don't know.
    Please read in the packages board what others did to solve their problems and after that post over there.