block a pc to talk to other pc inside same network

ckruijntjens
Posts: 23
Joined: April 14th, 2016, 2:46 pm

block a pc to talk to other pc inside same network

Post by ckruijntjens » November 28th, 2018, 7:11 pm

Hi everyone,

I have a question. I wanted to block an IP/MAC from talking to another machine inside my green network. Can this be blocked? I tried to do

source = IP address I want to block
destination = other host on same network (green)

BLOCK

However, this is not working. Can someone point me in the right direction?

TimF
Posts: 83
Joined: June 10th, 2017, 7:27 pm

Re: block a pc to talk to other pc inside same network

Post by TimF » November 29th, 2018, 8:56 pm

This is not really possible. The two PCs will talk directly to each other without going through IPFire. It may be possible to make it more difficult by disabling DHCP and DNS, but this will make talking to everything more difficult, so I wouldn't recommend it.

Depending on the facilities of your network switch and/or wireless access point, it may be possible to prevent PCs from talking to each other by setting the correct options, but this will be specific to your actual switch or wireless access point models. Try looking for any options to do with privacy, but it could also be called something else. If your PCs are hard wired through a dumb switch (no user interface) it won't have the necessary facilities, but a smart switch may.

The other alternative is to set up the firewalls on your PCs to prevent them talking to each other. This will require giving them fixed IP addresses. You'll also have to make sure that the users don't have root/administrator access or they'll just change it back.

zargano
Posts: 192
Joined: December 29th, 2017, 7:50 pm
Location: Nordlicht im Ländle

Re: block a pc to talk to other pc inside same network

Post by zargano » November 30th, 2018, 7:38 pm

I think that the most appropriate approach is to use a smart (managed) switch. Switching rules must be applied such that clients are isolated and can only talk to an uplink device, e.g. router towards the Internet.

IMHO fixed IP addresses are not always necessary. My TP-Link T1600G-28PS comes with a feature where I can assign this isolation without knowledge of any IP address.

parker_lewis
Posts: 9
Joined: July 23rd, 2018, 7:24 am

Re: block a pc to talk to other pc inside same network

Post by parker_lewis » December 1st, 2018, 10:49 am

The solution is quite easy but does not fit the specification ;)

You need to create the blocking rules for both PCs. In the next step you change the local IP settings on both machines to static. The clue is to set the subnet mask to 255.255.255.255. Normally 255 at the end is set for a single-IP subnet. Therefore the machine is always forced to use the gateway, in this case IPFire. And if the machine uses the gateway, the iptables rules are enforced and working. As I mentioned, it is not quite sticking to the rules, but working.
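Added illustration (not code from any poster in this thread) of the two points made above: TimF's observation that a host-to-host packet on the green network never reaches IPFire, so a BLOCK rule there has nothing to match, and parker_lewis's trick of a 255.255.255.255 mask, which makes every destination off-link so the host forwards to the gateway where the rule can apply. The addresses 192.168.1.0/24, the hosts .10 and .20 and the gateway .1 are constructed sample values; the "rule table" is a plain set of (source, destination) pairs standing in for the firewall rule, not IPFire's own format.

```python
import ipaddress

# Constructed sample topology: two green-network hosts and the IPFire green address.
HOST_A = "192.168.1.10"
HOST_B = "192.168.1.20"
IPFIRE_GREEN = "192.168.1.1"

# Constructed stand-in for a "source -> destination BLOCK" rule configured on IPFire.
BLOCK_RULES = {(HOST_A, HOST_B), (HOST_B, HOST_A)}


def next_hop(src_ip: str, mask: str, dst_ip: str, gateway: str) -> str:
    """Return 'direct' when the sending host treats dst as on-link (it ARPs for it
    and the switch delivers the frame without any router), otherwise the gateway
    address the packet is handed to. Dotted-quad masks are accepted by ipaddress."""
    iface = ipaddress.ip_interface(f"{src_ip}/{mask}")
    dst = ipaddress.ip_address(dst_ip)
    if dst in iface.network:
        return "direct"
    return gateway


def blocked_by_ipfire(src_ip: str, mask: str, dst_ip: str,
                      gateway: str, rules=BLOCK_RULES) -> bool:
    """A forwarding rule on IPFire can only act on packets that reach IPFire.
    On-link traffic is never seen, so the rule cannot match regardless of content."""
    if next_hop(src_ip, mask, dst_ip, gateway) == "direct":
        return False
    return (src_ip, dst_ip) in rules


def compare_masks(src_ip: str, dst_ip: str, gateway: str) -> dict:
    """Show the outcome for the usual /24 mask beside the /32 trick."""
    result = {}
    for mask in ("255.255.255.0", "255.255.255.255"):
        result[mask] = {
            "next_hop": next_hop(src_ip, mask, dst_ip, gateway),
            "blocked": blocked_by_ipfire(src_ip, mask, dst_ip, gateway),
        }
    return result


if __name__ == "__main__":
    for mask, outcome in compare_masks(HOST_A, HOST_B, IPFIRE_GREEN).items():
        print(f"mask {mask}: next hop {outcome['next_hop']}, "
              f"blocked by IPFire rule: {outcome['blocked']}")
```

With the normal 255.255.255.0 mask both hosts are in one on-link network, the next hop is "direct" and the rule is never consulted, which is exactly the original poster's symptom. With 255.255.255.255 the only on-link address is the host itself, so every packet, including one to the neighbour on the same switch, is handed to IPFire and the rule is enforced. The caveat on a real host is that the gateway is then off-link too: on Linux the default route has to be installed as a host route or with the `onlink` flag (an assumption about the OS configuration, not something the thread states), and the switch still carries the frames, so this is a routing-table convention rather than enforcement; a user with administrator rights can revert the mask, as TimF notes for host firewalls.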
