Blocking internet traffic from single LAN client
-
I must be missing something simple here. Goal is to block Internet access to my kid's iPad during a certain time period (aka… when she should be sleeping).
I setup a schedule and block rule under LAN and moved it to the top of the list. Internet was still accessible during the schedule period. I removed the schedule to troubleshoot, and internet access is still not being blocked. Firewall rule is configured as follows:
Action: Block
Interface: LAN
Address family: IPv4
Protocol: any
Source: I have the source set as the internal IP address of her iPad, which I have assigned a DHCP reservation on my DHCP server so her iPad is always assigned the same IP address.
Destination: anyI have reset states.
Firewall shows some traffic from her IP address as being blocked, but i can still browse most of the web without issue. For example, I can get to yahoo.com, youtube.com but not to espn.go.com.
Any ideas?
Thanks!
-
Maybe it goes out by IPv6. There are also IPv6 addresses available for yahoo.com, youtube.com, but not for espn.go.com.
Try modify the address family to IPv4+IPv6 in your rule.
-
Ah! I think your right.
I can't use IPv4+IPv6 because an IPv4 address can not be used in combined IPv4 + IPv6 rules.
How would I block IPv6 from a single client?
-
Same way as IPv4, but with an IPv6 address (using a second rule)…. IPv6 addressing can be much more difficult though, as it isn't always as static as the IPv4 side - depending on how you are doing IPv6 addressing on your network.
That is the main reason I still block all IPv6 going out of my networks.