OPNsense Forum

Archive => 23.7 Legacy Series => Topic started by: Cipher on February 09, 2024, 12:24:52 PM

Title: Blocking Unknown Subnet 192.168.178.0/24 on OPNsense
Post by: Cipher on February 09, 2024, 12:24:52 PM
Hi Guys,

Somehow I noticed this subnet in our network:
192.168.178.0/24.
Is there a way to block it using an alias?
Title: Re: Blocking Unknown Subnet 192.168.178.0/24 on OPNsense
Post by: Patrick M. Hausen on February 09, 2024, 12:40:46 PM
Yes? What exactly is your problem?

Firewall > Aliases - create alias of type network with that network in it
Firewall > Rules > <interface> - create block rule
Title: Re: Blocking Unknown Subnet 192.168.178.0/24 on OPNsense
Post by: Cipher on February 09, 2024, 03:57:43 PM
Quote from: Patrick M. Hausen on February 09, 2024, 12:40:46 PM
Yes? What exactly is your problem?

Firewall > Aliases - create alias of type network with that network in it
Firewall > Rules > <interface> - create block rule

Thank you for your reply. Someone has attached a DHCP server to the existing network. It's for an organization (charitably) I assist, and I want this DHCP to be blocked and not be distributed.
Title: Re: Blocking Unknown Subnet 192.168.178.0/24 on OPNsense
Post by: Patrick M. Hausen on February 09, 2024, 04:42:50 PM
That's not possible. Traffic on a single network, especially broadcasts like DHCP, does not go through your OPNsense, so it cannot be filtered.

You need a managed and filtering switch to achieve that.

But OPNsense does set the "authoritative" flag for ISC dhcpd. Theoretically that should overrule any rogue servers. Are you using OPNsense as your official DHCP server?
Title: Re: Blocking Unknown Subnet 192.168.178.0/24 on OPNsense
Post by: Cipher on February 09, 2024, 05:29:48 PM
Yes, OPNsense is our DHCP server.
I noticed the AP received a DHCP IP from the rogue DHCP now.
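
Added example, not part of the forum thread: because same-segment DHCP replies never pass through the firewall, one way to confirm and locate the rogue server is to inspect captured replies on the LAN. This Python code parses DHCP server replies and flags any whose server identifier (option 54) is not an authorised server or whose offered address lies outside the expected LAN; the function names and the sample-packet builder are assumptions of this example, and the caller supplies the real addresses.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5                    # option 53 message types sent by servers

def parse_reply(payload: bytes):
    """Return (msg_type, server_id, yiaddr) from a BOOTP/DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC or payload[0] != 2:
        return None                  # too short, not DHCP, or not a BOOTREPLY
    yiaddr = ipaddress.IPv4Address(payload[16:20])
    msg_type = server_id = None
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                   # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:
            break                                   # truncated option body
        if code == 53 and length == 1:
            msg_type = value[0]
        elif code == 54 and length == 4:
            server_id = ipaddress.IPv4Address(value)
        i += 2 + length
    return msg_type, server_id, yiaddr

def check_reply(payload, authorised_servers, lan):
    """Return a finding string for a rogue-looking server reply, else None."""
    parsed = parse_reply(payload)
    if parsed is None or parsed[0] not in (OFFER, ACK):
        return None
    _, server_id, yiaddr = parsed
    if server_id not in authorised_servers:
        return f"rogue DHCP server {server_id} offering {yiaddr}"
    if yiaddr not in lan:
        return f"authorised server {server_id} offering {yiaddr} outside {lan}"
    return None

def build_reply(msg_type, server_ip, offered_ip):
    """Construct a minimal server reply (sample data for this example only)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234, 0, 0x8000)
    hdr += bytes(4) + ipaddress.IPv4Address(offered_ip).packed + bytes(8 + 16 + 64 + 128)
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_ip).packed + b"\xff"
    return hdr + MAGIC + opts
```

Call `check_reply()` on each UDP payload sent from port 67 in a LAN capture, passing the OPNsense LAN address as the only authorised server and the LAN prefix as `lan`.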