How to block local LAN specific IPs from Internet

UAW-Chrysler NTC
Posts: 16
Joined: October 23rd, 2018, 10:29 am

Post by UAW-Chrysler NTC » January 9th, 2019, 6:01 pm

Hey Everyone,
What's the best practice for blocking a select few local IPs on the LAN (green side) from going to the Internet?
Just don't want anything from those 4 PCs on the LAN to be able to go Internet bound.
What's the best practice?

I've thought of using Web Proxy & URL Filter and specifying the IPs in question.
However, that seems like just 80 & 443 traffic.

Thanks
UAW-Chrysler NTC |Warren, Michigan, USA
IPFire 2.21 (x86_64) - Core Update 126

molisi.fifita
Posts: 13
Joined: December 30th, 2017, 2:01 pm

Re: How to block local LAN specific IPs from Internet

Post by molisi.fifita » January 16th, 2019, 11:37 pm

What I have here: since everyone is forced into the proxy, I just blocked those PCs by putting their MAC addresses on "Banned MAC Address" under Advanced Web Proxy configuration. Even if they remove their proxy setting, they still can't access the Internet.

Deepcuts
Posts: 459
Joined: March 1st, 2016, 3:18 pm
Location: Romania

Re: How to block local LAN specific IPs from Internet

Post by Deepcuts » January 17th, 2019, 12:44 pm

Assign static IPs via DHCP. Better yet, also get a smart switch to make sure client X on port X can only come from a specific MAC, so the user cannot change MAC and IP and thus bypass the rule.
Haven't tested, but I think you might need to create a rule to allow traffic from the selected IPs to the DHCP server first if you are using IPs. To go around this, input the MAC directly instead of the IP (but you will not have an IP for local LAN comms).
[Attachment: drop.png]
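
The kind of drop rule discussed in this thread, as an added example that is not part of any post above and is not IPFire's own code: a dry-run generator that prints iptables DROP rules for selected LAN hosts, matched by source IP or by source MAC. The interface name `red0`, the `FORWARD` chain and the sample addresses are assumptions; adjust them to the actual setup.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that stop selected LAN
# hosts from being forwarded out the WAN interface, so the output can be
# reviewed before anything is loaded.
# Assumptions: WAN interface "red0", chain "FORWARD", constructed sample hosts.
WAN_IF="${WAN_IF:-red0}"
CHAIN="${CHAIN:-FORWARD}"
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq "^${OCTET}(\.${OCTET}){3}\$"
}

# Succeeds only for a colon-separated 48-bit MAC address.
is_mac() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one DROP rule per host, matching by source IP or by source MAC.
# If any entry is malformed, nothing is printed and the function fails,
# so a typo cannot produce a partial rule set.
block_rules() {
    out=""
    for host in "$@"; do
        if is_ipv4 "$host"; then
            match="-s $host"
        elif is_mac "$host"; then
            match="-m mac --mac-source $host"
        else
            echo "invalid host entry: $host" >&2
            return 1
        fi
        out="${out}iptables -I $CHAIN $match -o $WAN_IF -j DROP
"
    done
    printf '%s' "$out"
}

# Constructed sample: three hosts by IP, one by MAC.
block_rules 192.168.1.50 192.168.1.51 192.168.1.52 00:11:22:33:44:55
```

These rules match only traffic forwarded out the WAN interface, so LAN-to-LAN traffic and traffic addressed to the firewall itself are not matched by them. Matching by IP depends on the host keeping its address, and matching by MAC depends on the host keeping its MAC.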