OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: PimB on July 15, 2018, 11:47:16 pm

Title: How to block one client from accessing another
Post by: PimB on July 15, 2018, 11:47:16 pm
I'd like to block TCP/UDP access from one client (192.168.2.10) to another client (192.168.2.30) which has a webserver.

A simple block firewall rule from - to doesn't seem to work.

How can I achieve this?
Title: Re: How to block one client from accessing another
Post by: mimugmail on July 16, 2018, 05:59:35 am
Only with a Firewall on the second client.
Title: Re: How to block one client from accessing another
Post by: bartjsmit on July 16, 2018, 08:23:48 am
You need to separate them at layer 2 or layer 3 to force them to go through the firewall. That means (respectively) putting them on different VLANs or on different IP subnets, or preferably both.

Different subnets is easiest, since the firewall is a router out of the box. You will need to move the web server to a different firewall network interface with a separate switch. If you don't want to have multiple firewall interfaces and multiple switches, VLAN separation is the answer.

Bart...
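
Added example (not part of the original posts): a small Python check showing why the block rule never matches while both hosts share a subnet, and why it starts to match once the web server is moved. The /24 mask, the 192.168.3.30 address and the rule layout are assumptions made for illustration; only 192.168.2.10 and 192.168.2.30 come from the thread.

```python
import ipaddress

def next_hop(src_iface, dst):
    """How the sender delivers a packet to dst.

    'on-link'  -> dst is in the sender's own subnet: ARP plus switch, the
                  firewall never sees the packet, so its rules cannot apply.
    'gateway'  -> dst is outside the subnet: the packet is routed through
                  the firewall, where a block rule can be enforced.
    """
    iface = ipaddress.ip_interface(src_iface)
    return "on-link" if ipaddress.ip_address(dst) in iface.network else "gateway"

def audit_rules(rules, host_ifaces):
    """Return (src, dst, path, enforceable) for each rule.

    rules       -- list of {"src": ip, "dst": ip} block rules (hypothetical layout)
    host_ifaces -- map of source IP -> "ip/prefix" as configured on that host
    """
    findings = []
    for rule in rules:
        path = next_hop(host_ifaces[rule["src"]], rule["dst"])
        findings.append((rule["src"], rule["dst"], path, path == "gateway"))
    return findings

# Constructed sample data: the /24 mask is assumed, the thread does not state it.
CLIENT = {"192.168.2.10": "192.168.2.10/24"}

# Situation in the question: both hosts on the same network.
BEFORE = [{"src": "192.168.2.10", "dst": "192.168.2.30"}]
# After moving the web server to its own interface/VLAN (address is made up).
AFTER = [{"src": "192.168.2.10", "dst": "192.168.3.30"}]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        for src, dst, path, ok in audit_rules(rules, CLIENT):
            state = "rule can match" if ok else "rule is bypassed"
            print(f"{label}: {src} -> {dst} via {path}: {state}")
```
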
Title: Re: How to block one client from accessing another
Post by: PimB on July 16, 2018, 08:41:52 am
That's clear. Thanks to you both!