|
Post by bittwiddler on Feb 15, 2018 3:50:28 GMT
Hello SmallWall gurus,
I have a computer which I would like to allow full use of the LAN network but block access to the WAN. I have not been able to figure this out. I understand I cannot block by MAC address which should be OK. I am able to assign a static IP to the client so a DHCP renew won't get around the rule. Can anyone provide some guidance?
Many thanks!
|
|
|
Post by Lee Sharp on Feb 15, 2018 4:38:40 GMT
You will always have full access to the LAN because that traffic does not cross SmallWall at all. To block it to WAN, use a static IP or statically assign one with DHCP, then create a block all rule for that IP. Note that it must be first in the list, or the default pass rule will pass it before it gets there.
|
|
|
Post by bittwiddler on Feb 15, 2018 5:22:24 GMT
Thank you Lee. I understand the caveat with LAN. I tried blocking it to WAN but must have gotten too clever by half at some point. I will have another go at it and see what happens.
|
|
|
Post by Lee Sharp on Feb 15, 2018 5:47:28 GMT
You need to be on the LAN interface. Rules are based on source... You will make one that looks like the default rule, but the source is the IP address, and it is a block not a pass.
|
|