Hi, you can only restrict the access/traffic to services provided and managed 
by pfSense. But there might be another possibility like using snort package, 
activating it on the LAN side and permit only the traffic from the IPs that 
you allow. I think this can be done, but certainly needs further investigation 
to confirm this possibility.

Carlos

From: kohenk...@gmail.com [mailto:kohenk...@gmail.com] On Behalf Of Moshe Katz
Sent: Wednesday, March 2, 2011 00:20
To: support@pfsense.com
Cc: Cole Devitt; t...@casanueva.com
Subject: Re: [pfSense Support] Only allow DHCP assigned addresses access to 
network

 

I think Andy means, "how do I stop people who set a static IP on the same 
subnet as my network from getting on the network?"

 

The short answer is that you can't do that easily.  Internal network traffic 
does not pass through the pfSense and cannot be stopped by it.

 

You may be able to prevent internet access (or access to other network 
segments) by programmatically creating an alias built from the DHCP client 
table.  I don't know how easy that is in practice but that is what I might do.

 

Moshe

------------------------------
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732

On Tue, Mar 1, 2011 at 6:49 PM, Cole Devitt <cdev...@gotoworkonenw.com> wrote:

If a computer doesn't pick up a DHCP address I believe it gets an APIPA 
address, a 169.192 address if I recall right. With an APIPA address the 
computer wouldn't be able to do much of anything anyways as the subnet is 
different and there isn't a gateway to my knowledge, so a standard setup of a 
DHCP server and client machines sounds like what you want, no?

If a computer isn't receiving a DHCP address from your pfsense then you have a 
configuration issue, or your scope is too small (not set to give out enough 
addresses), or there is a physical problem somewhere in your network.


On Mar 1, 2011, at 5:40 PM, "Andy Graybeal" <andy.grayb...@casanueva.com> wrote:

> Hi,
> I would like every machine on my network to get its address from
> PFSense's DHCP server.
>
> If it doesn't receive an address from the DHCP server (if they pick some
> arbitrary address on the same subnet) how do I disallow them access to
> network services?
>
> Does this make any sense to do this? Does this make sense to not do this?
>
> -Andy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
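
The alias-from-DHCP-table idea in Moshe's reply, as an added example that is not part of the original thread or of pfSense itself: it reads lease records in ISC dhcpd.leases syntax and returns the addresses that currently hold an active, unexpired lease. The function name and the sample lease data are constructed for illustration, and loading the resulting list into a firewall alias is not shown.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases syntax (not from a real system).
SAMPLE_LEASES = """\
lease 192.168.1.100 {
  ends 2 2011/03/01 22:00:00;
  binding state active;
  next binding state free;
}
lease 192.168.1.101 {
  ends 2 2011/03/01 12:00:00;
  binding state free;
}
lease 192.168.1.102 {
  ends 2 2011/03/01 23:00:00;
  binding state active;
}
lease 192.168.1.100 {
  ends 3 2011/03/02 00:00:00;
  binding state active;
}
"""

LEASE_RE = re.compile(r"^lease\s+(\S+)\s*\{(.*?)^\}", re.S | re.M)
ENDS_RE = re.compile(r"^\s*ends\s+\d\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);", re.M)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)

def active_lease_ips(text, now):
    """Return IPs whose newest lease entry is active and not yet expired."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body  # dhcpd appends records, so the last one per IP wins
    allowed = []
    for ip, body in latest.items():
        state, ends = STATE_RE.search(body), ENDS_RE.search(body)
        if not (state and ends) or state.group(1) != "active":
            continue  # free, abandoned or unparsable records are not allowed
        expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
        if expiry.replace(tzinfo=timezone.utc) > now:  # lease times are UTC
            allowed.append(ip)
    return sorted(allowed, key=lambda a: tuple(map(int, a.split("."))))

if __name__ == "__main__":
    now = datetime(2011, 3, 1, 22, 30, tzinfo=timezone.utc)
    print("\n".join(active_lease_ips(SAMPLE_LEASES, now)))
```

A filter built from this list is keyed on IP address only, so a host that statically configures an address that currently has an active lease still matches it.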
