Blocking internet traffic from single LAN client

  • I must be missing something simple here.  Goal is to block Internet access to my kid's iPad during a certain time period (aka… when she should be sleeping).

    I setup a schedule and block rule under LAN and moved it to the top of the list.  Internet was still accessible during the schedule period.  I removed the schedule to troubleshoot, and internet access is still not being blocked.  Firewall rule is configured as follows:

    Action: Block
    Interface: LAN
    Address family: IPv4
    Protocol: any
    Source: I have the source set as the internal IP address of her iPad, which I have assigned a DHCP reservation on my DHCP server so her iPad is always assigned the same IP address.
    Destination: any

    I have reset states.

    Firewall shows some traffic from her IP address as being blocked, but i can still browse most of the web without issue.  For example, I can get to, but not to

    Any ideas?


  • Maybe it goes out by IPv6. There are also IPv6 addresses available for,, but not for

    Try modify the address family to IPv4+IPv6 in your rule.

  • Ah! I think your right.

    I can't use IPv4+IPv6 because an IPv4 address can not be used in combined IPv4 + IPv6 rules.

    How would I block IPv6 from a single client?

  • Same way as IPv4, but with an IPv6 address (using a second rule)…. IPv6 addressing can be much more difficult though, as it isn't always as static as the IPv4 side - depending on how you are doing IPv6 addressing on your network.

    That is the main reason I still block all IPv6 going out of my networks.