I have a pfSense firewall with a managed switch, and I created a VLAN: all works fine, but what I want to do is block the communication between the hosts in my VLAN.
For example, I want a host to be unable to ping another host, and an nmap scan to show only the localhost and the virtual gateway.
How can I do that?
I tried it this way (the first rule), but it doesn't work.
VLAN pfSense – Block Communication Between Hosts in the Same VLAN
Tags: pfsense, vlan
Best Answer
As has already been stated, communication between devices on the same VLAN (or layer-2 segment) does not cross a router but only the switch(es) in between the devices.
Depending on the switches' capabilities, there are several methods to control traffic within a VLAN.
ACLs work by permitting or denying certain source/destination IPs, or TCP or UDP ports. E.g. you can permit all devices within the 10.1.2.0/24 to communicate with a server at 10.1.2.10 while denying all other inter-VLAN traffic:
Port-based filtering works by limiting the client ports to communication with the server and router ports and filtering all else. This is sometimes also called protected ports or source-port filtering, where these ports are not allowed to communicate with each other. Port-based filtering doesn't work well across uplinks and downlinks, as they cannot distinguish between wanted server and unwanted peer traffic across multiple switches.
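As an added illustration (not part of the answer above, and not a real switch configuration), the following Python models the ACL policy the answer describes: hosts in 10.1.2.0/24 may reach the server 10.1.2.10 and leave the VLAN through the gateway, but may not talk to each other. The gateway address 10.1.2.1, the client addresses and the external address are constructed for the example; actual ACL syntax is vendor specific, but the rule order shown is what any switch ACL must reproduce.

```python
"""First-match evaluator for the intra-VLAN ACL described in the answer.
Addresses other than 10.1.2.0/24 and 10.1.2.10 are constructed examples."""
from ipaddress import ip_address, ip_network

SUBNET = ip_network("10.1.2.0/24")
SERVER = ip_network("10.1.2.10/32")
GATEWAY = ip_network("10.1.2.1/32")   # assumed pfSense VLAN gateway address
ANY = ip_network("0.0.0.0/0")

# Rules are evaluated top to bottom; the first matching rule decides.
# Format: (action, source prefix, destination prefix)
ACL = [
    ("permit", SUBNET, SERVER),    # clients -> shared server
    ("permit", SERVER, SUBNET),    # server -> clients (return traffic)
    ("permit", SUBNET, GATEWAY),   # clients -> router (default gateway)
    ("permit", GATEWAY, SUBNET),   # router -> clients
    ("deny", SUBNET, SUBNET),      # any other host-to-host traffic in the VLAN
    ("permit", ANY, ANY),          # traffic leaving the VLAN via the router
]


def evaluate(acl, src, dst):
    """Return 'permit' or 'deny' for one src->dst IP pair (implicit deny at end)."""
    src, dst = ip_address(src), ip_address(dst)
    for action, s, d in acl:
        if src in s and dst in d:
            return action
    return "deny"


def check_policy(acl):
    """Verdict for the flows the question cares about (constructed client IPs)."""
    flows = {
        "host-to-host ping": ("10.1.2.20", "10.1.2.21"),
        "host-to-server": ("10.1.2.20", "10.1.2.10"),
        "host-to-gateway": ("10.1.2.20", "10.1.2.1"),
        "host-to-internet": ("10.1.2.20", "192.0.2.10"),  # TEST-NET address
    }
    return {name: evaluate(acl, s, d) for name, (s, d) in flows.items()}


def deny_first(acl):
    """Same rules with the intra-VLAN deny moved to the top: shows why order matters."""
    deny = [r for r in acl if r[0] == "deny"]
    return deny + [r for r in acl if r[0] != "deny"]


if __name__ == "__main__":
    for name, verdict in check_policy(ACL).items():
        print(f"{name:20s} {verdict}")
    print("misordered host-to-server:", check_policy(deny_first(ACL))["host-to-server"])
```

With the deny rule placed first, the host-to-server flow is denied too, so the permit entries must precede it. Note that an IP ACL does not filter ARP, so an nmap host discovery run on the local subnet can still list neighbours; hiding them from the scan needs the port-based (protected port) isolation the answer mentions.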