Inhibit the internet connection to 10 hosts with scattered IP addresses

I have 10 hosts with scattered IP addresses.

I need to inhibit the internet connection to all 10 hosts at the same time. What is the simplest solution, free of possible “side effects”, to achieve what I want?

Hi @nicovon, I think you need to tell us a bit more about your environment, so we can provide you with the least painful way to achieve what you’re looking for :wink:

And a bit more about these hosts.

NethServer release 7.9.2009 (final)
kernel version: 3.10.0-1160.31.1.el7.x86_64

The 10 hosts are computers with Windows 10 Pro.

@nicovon still “poor info”, unfortunately. Starting from your environment.
Anyway, you asked for…

If these devices should not go on the internet at all, there are different ways to stop them from getting on the net.
This is only one…

  • I am assuming that NethServer is the DHCP server of your network. So create a reservation for every host, in the most contiguous available space (i.e. from IP 192.168.2.201 to 192.168.2.211)
  • I am assuming that NethServer is the gateway of the network. In the firewall objects, create an IP range that overlaps it (at least a bit more… 16 hosts, not 10, so you can expand your group just by adding a reservation); call it as you wish, but make it understandable
  • then create a firewall rule from the zone/interface of these computers to RED, to disable access from the group to every red address

Obviously the devices will know that the internet is no longer available, and Windows Update, like all services, will complain about that.

2 Likes
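An added planning sketch for the reservation-plus-range approach in the post above (not part of the thread and not NethServer code): it assigns each host a reservation inside one contiguous 16-address block and lists hosts whose current address the range object would miss, since an IP-based rule only matches hosts that actually use their reservation. The subnet 192.168.2.0/24, the MAC addresses, the current IPs and the function names are assumptions made for the example.

```python
import ipaddress

def plan_block(macs, subnet, first, size=16, in_use=()):
    """Give each MAC a reservation inside one contiguous block of `size` IPs."""
    net = ipaddress.ip_network(subnet)
    block = [ipaddress.ip_address(first) + i for i in range(size)]
    edges = (net.network_address, net.broadcast_address)
    # The whole block must sit on usable addresses of the LAN subnet.
    if any(ip not in net or ip in edges for ip in block):
        raise ValueError("block does not fit inside the subnet's usable range")
    # No address in the block may already belong to an unrelated device,
    # otherwise the firewall rule would cut that device off as well.
    clash = sorted(str(ip) for ip in block if str(ip) in set(in_use))
    if clash:
        raise ValueError(f"already assigned elsewhere: {clash}")
    if len(macs) > size:
        raise ValueError("more hosts than slots in the block")
    reservations = {mac: str(ip) for mac, ip in zip(sorted(macs), block)}
    # (first, last) is what goes into the firewall IP range object.
    return reservations, (str(block[0]), str(block[-1]))

def outside_range(current_ips, ip_range):
    """Hosts whose current address the range object (and the rule) would miss."""
    lo, hi = (ipaddress.ip_address(a) for a in ip_range)
    return [ip for ip in current_ips if not lo <= ipaddress.ip_address(ip) <= hi]

# Constructed sample data: ten hypothetical MACs and a few current addresses.
MACS = [f"02:00:00:00:00:{i:02x}" for i in range(1, 11)]
CURRENT = ["192.168.2.17", "192.168.2.64", "192.168.2.205"]

if __name__ == "__main__":
    reservations, ip_range = plan_block(MACS, "192.168.2.0/24", "192.168.2.201")
    for mac, ip in reservations.items():
        print(f"reserve {ip} for {mac}")
    print("firewall range object:", "-".join(ip_range))
    # Hosts still on an old lease or a static address are not matched yet.
    print("not yet covered:", outside_range(CURRENT, ip_range))
```
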

Should the rule be created in this tab (network services)?
Immagine 2021-12-11 121349

Firewall section, not network services.
@nicovon it’s an English forum, post screenshots in English.
I am Italian and I understand anyway, but others don’t
:slight_smile:
I am Italian and I understand anyway, but the others don’t!

2 Likes

Okay, like this?
Immagine 2021-12-11 130445

Check the box for write to log and… check the log :wink:
If you get the result you’re looking for, you can disable the logging option.

IMVHO it should be OK.

1 Like

The result I was looking for is obtained with the rule set like this:

rule

In short, if I set the destination to “Role red”, the hosts continue to have an internet connection, while if I set the destination to “Any”, the hosts have no internet connection, which is what I wanted to achieve.
Is it normal that I have to set the destination to “Any” to be able to inhibit the internet connection to the hosts? Shouldn’t it be enough to set the destination to “Role red”?