Blocking internet traffic from single LAN client
I must be missing something simple here. Goal is to block Internet access to my kid's iPad during a certain time period (aka… when she should be sleeping).
I setup a schedule and block rule under LAN and moved it to the top of the list. Internet was still accessible during the schedule period. I removed the schedule to troubleshoot, and internet access is still not being blocked. Firewall rule is configured as follows:
Address family: IPv4
Source: I have the source set as the internal IP address of her iPad, which I have assigned a DHCP reservation on my DHCP server so her iPad is always assigned the same IP address.
I have reset states.
Firewall shows some traffic from her IP address as being blocked, but i can still browse most of the web without issue. For example, I can get to yahoo.com, youtube.com but not to espn.go.com.
Maybe it goes out by IPv6. There are also IPv6 addresses available for yahoo.com, youtube.com, but not for espn.go.com.
Try modify the address family to IPv4+IPv6 in your rule.
Ah! I think your right.
I can't use IPv4+IPv6 because an IPv4 address can not be used in combined IPv4 + IPv6 rules.
How would I block IPv6 from a single client?
Same way as IPv4, but with an IPv6 address (using a second rule)…. IPv6 addressing can be much more difficult though, as it isn't always as static as the IPv4 side - depending on how you are doing IPv6 addressing on your network.
That is the main reason I still block all IPv6 going out of my networks.