How can I block the internet of 1 device?

Hi,

How can I block the access to the internet of 1 device (or IP) in Nethsecurity?
I like to prevent an update of a device because this update breaks a few things.
Auto update is disabled in the device, but apparently they push the update.
A lot of people are having issues now.

Guessing it is about Windows.
Windows Update or Driver update?
24H2 ?

Just a few ways to prevent windows updates on a host computer:

  • show or hide updates (wushowhide) (not always effective or not for a long time)
  • disable windows update through a group policy
  • disable related windows update services (or use sordum’s Windows Update Blocker to do the same easily)
  • block windows update domains and IPs at router/firewall/content-filtering level (could affect all hosts)

Back to the original question, I think you can create a firewall rule to block All traffic for the specific host IP address or host firewall object to RED/WAN interface. Bear in mind I haven’t played much with nethsec at the moment, so don’t know the step-by-step procedure.

I bet you would find useful a network map with options to block, restrict, remove specific hosts like some SOHO routers do.

2 Likes

Hi Marc

It is for my Somfy box for the sunscreens.
An update is breaking the API and it seems they do an auto update even though this is disabled.
A fix is underway but I like to prevent the update.

On the LAN I want this box accessible.

So only an IP block to the outside.

Hi,

I am writing simply because I did this just yesterday for an appliance (a Bambu 3D printer) that I didn’t want to talk outside of the LAN. I have the way I did it, and then there is the way I wanted to do it but, I am using Nethsecurity for just one day now, so I have not figured it out yet.

  • Done: Under firewall rules an entry with source zone LAN, source address printer IP, destination zone WAN, action drop. This works just fine.

  • What I wanted to do: I wanted to block the MAC address in the same manner, but didn’t find a way to do that yet. Also, what if I want to block TCP and/or only UDP? Haven’t seen that possibility yet upon a cursory look of the filtering options.

Hello folks, and welcome Deckard!

To block the connection to outside for a device, you can simply add a rule in the Firewall → Rules section, specifically, a forwarding rule.

Type in the source IP of the device (or pick an object), select Any destination address and pick your exit zone (in this case, should be a WAN).

Sorry for the small font! Can’t fit all the side drawer in one screenshot!

I’d rather reserve a static lease for the device, and set its (now) static IP here, easier to manage in the long run and ensures other devices cannot end up using the IP of the device you want to block.

This can be done by going in the drawer and choosing Custom service in the Destination service dropdown. Additional forms will pop up asking what protocol you want to use (in this case UDP or TCP or both!), then fill the Ports field with 1-65535.

(additionally you could block specific DNS IPs using the Domain Sets objects.)

Manual reference: Rules — NethSecurity documentation

I don’t have an environment ready to test this configuration, let me know if it works!

4 Likes
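
The static lease and forwarding rule described in the reply above, written as OpenWrt-style UCI configuration. This is an added example, not part of the original post or NethSecurity's own documentation. It assumes the OpenWrt base of NethSecurity keeps these settings in /etc/config/dhcp and /etc/config/firewall and that the zones are named lan and wan; the host name, MAC and IP address are constructed placeholders.

```uci
# /etc/config/dhcp
# Static lease: pins the device to one address so the firewall rule below
# keeps matching it and no other host is handed that IP by DHCP.
# (name, MAC and IP are constructed placeholder values)
config host
	option name 'somfy-box'
	option mac '00:00:5E:00:53:10'
	option ip '192.168.1.50'

# /etc/config/firewall
# Forwarding rule (src zone and dest zone both set): drop everything the
# device sends from LAN towards WAN. Traffic that stays inside the LAN is
# not forwarded through this zone pair, so the device remains reachable locally.
config rule
	option name 'Block-somfy-box-to-WAN'
	option src 'lan'
	option src_ip '192.168.1.50'
	option dest 'wan'
	option proto 'all'
	option target 'DROP'

# Variant matching the "Custom service" answer: restrict the block to
# TCP and UDP on all ports. Left disabled here because the rule above
# already covers every protocol.
config rule
	option name 'Block-somfy-box-to-WAN-tcp-udp'
	option enabled '0'
	option src 'lan'
	option src_ip '192.168.1.50'
	option dest 'wan'
	list proto 'tcp'
	list proto 'udp'
	option dest_port '1-65535'
	option target 'DROP'
```

A rule keyed on an IPv4 source address does not match IPv6 traffic, so if the LAN also hands out IPv6 addresses the device needs a corresponding IPv6 rule as well.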

I can confirm this is working.

Thanks!

Thank you, I checked the correct solution.

1 Like

Aha, defining “Custom Service” is the trick, thank you.

1 Like