Blocking Unknown Subnet 192.168.178.0/24 on Opsense

Cipher · February 09, 2024, 12:24:52 PM

Hi Guys,

somehow i noticed this subnet in our network.
192.168.178.0/24.
is there a way to block it using a alias?

Patrick M. Hausen · February 09, 2024, 12:40:46 PM

Yes? What exactly is your problem?

Firewall > Aliases - create alias of type network with that network in it
Firewall > Rules > <interface> - create block rule

Cipher · February 09, 2024, 03:57:43 PM

Quote from: Patrick M. Hausen on February 09, 2024, 12:40:46 PM
Yes? What exactly is your problem?

Firewall > Aliases - create alias of type network with that network in it
Firewall > Rules > <interface> - create block rule

Thank you for your reply. Someone has attached a DHCP server to the existing network. It's for an organization( charitabilly ) I assist, and I want this DHCP to be blocked and not be distributed.

Patrick M. Hausen · February 09, 2024, 04:42:50 PM

That's not possible. Traffic on a single network, especially broadcasts like DHCP do not go through your OPNsense so they cannot be filtered.

You need a managed and filtering switch to achieve that.

But OPNsense does set the "authoritative" flag for ISC dhcpd. Theoretically that should overrule any rogue servers. Are you using OPNsense as your official DHCP server?

Cipher · February 09, 2024, 05:29:48 PM

Yes Opnsense is our DHCP server.
i noticed the AP recieved DHCP Ip from the rogue dhcp now.

Blocking Unknown Subnet 192.168.178.0/24 on Opsense

Cipher

February 09, 2024, 12:24:52 PM

Patrick M. Hausen

February 09, 2024, 12:40:46 PM #1

Cipher

February 09, 2024, 03:57:43 PM #2

Patrick M. Hausen

February 09, 2024, 04:42:50 PM #3

Cipher

February 09, 2024, 05:29:48 PM #4