Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to block manual ips getting internet connection

    Scheduled Pinned Locked Moved Firewalling
    8 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fser
      last edited by

      Hello. I have a private network firewalled by pfsense with wriless accespoints. I wanna block all of manual ips from getting through the pfsense. Kids somehow find the wriless password and connects to via but I have prevented them to connect internet using pfsense with disabling dhcp and giving to known mac adresses manual ip. But the problem is when I set up manual ip on a client which is not registered on pfsense gets to connect internet and is not blocked to get through. This is a big problem for me to solve in the near future. Because the kids do not know this issue yet but eventually they will figure that out and when they did (I hope that does not happen) pfsense won't serve to my purpose.

      Can you help me with this? Thanks.

      1 Reply Last reply Reply Quote 0
      • jahonixJ
        jahonix
        last edited by

        Create an alias with all configured IPs. Only allow traffic for those IPs and block the rest.

        1 Reply Last reply Reply Quote 0
        • F
          fser
          last edited by

          That would help but I have more than 30 computers, so any other ideas except this one ?

          1 Reply Last reply Reply Quote 0
          • jahonixJ
            jahonix
            last edited by

            Depending on the address scheme you used there might be options. Which addresses do you currently use?

            1 Reply Last reply Reply Quote 0
            • F
              fser
              last edited by

              I have found a solution to it but I would be really greatfoull to hear your opinion if you had another idea. Do you mean by "scheme" the ip scheme? Like 192.36.36.32 or 192.165.165.1 ?

              1 Reply Last reply Reply Quote 0
              • jahonixJ
                jahonix
                last edited by

                Something like that. If your IPs are in a range like 192.168.0.10 - 192.168.0.45 with a /24 mask then there are options with clever aliases.
                Since you only remark "I found a solution" without telling what you did this gets unproductive.

                1 Reply Last reply Reply Quote 0
                • F
                  fser
                  last edited by

                  Sorry I was dealing with the new occured issues and could not reply this post. I did what you told me to do@jahonix:

                  Create an alias with all configured IPs. Only allow traffic for those IPs and block the rest.

                  . I did not wan to do that first because it was required alot of times but I did not see any other trusted way other than this so I did what you suggest me to do. Thanks. Now I am having another problem with squid. Once upon a time I have downloaded 2.7 version of squid and and squid guardian to use content filter but it blocked all my connections so I had to reset my firewall to default. So now I am trying to instal squids new version with squidguard but package manager does not delete old packages and replace it with last version. So why Squid and Squidguard don't work fine. How can I delete the old packages from pfsense using shell?

                  1 Reply Last reply Reply Quote 0
                  • jahonixJ
                    jahonix
                    last edited by

                    I don't know.
                    Please read in the packages board what others did to solve their problems and after that post over there.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.