Block active LAN user from internet

Post by mpyusko » July 12th, 2019, 10:39 pm

So my son got himself in trouble, so I've decided to block his computer from the Internet. He's mid-game, so I'm expecting to hear screams, but nothing is happening. Rule is configured...
..and I apply the new rule. The one above it is a deactivated rule to block his brother's machine.

I even tried

    /etc/init.d/firewall restart

via ssh and that's not working either. I haven't tried rebooting, but I feel as though I shouldn't need to disrupt everyone just to block 1 PC.





Re: Block active LAN user from internet

Post by JonM » July 12th, 2019, 11:23 pm

I can't answer about the Firewall Rules. But you might want to try blocking via the web proxy. Add the IP address (and maybe MAC address) to the Network based access control > Banned IP addresses (one per line). Be sure to click Save and Restart.

Hopefully this will cause the appropriate reaction.

NOTE: This may only block the http stuff and not the https stuff.


Re: Block active LAN user from internet

Post by ipfireuser5150 » July 13th, 2019, 11:11 am

The firewall rule looks right. Make sure you're hitting Apply on the Firewall Rules page. What needs to happen is a network disconnect/reconnect. This can be scheduled under Network->Connection Scheduler. I'm not sure what other way to do it in a one-off way, but you could schedule it for 1 minute in the future.

I used to do curfew hrs this way. It wasn't ideal. Everyone experiences a little hiccup when the disconnect happens, and it's annoying when schedules change (weekdays vs weekend, no school holidays) because I have to get back into IPFire and update it, which is no way to automate things.

I'd also try the proxy banning that JonM mentioned. See which is more convenient if this will be happening more. Another option is if he's got a wire going to his room, just unplug it from the back of the firewall.

